sd-daemon: wipe out memory before using CMSG_NXTHDR()

[zonque]

CMSG_NXTHDR() checks for cmsg->cmsg_len after it increased the pointer.
While this makes sense for parsing received messages, that's a pitfall
for code crafting messages with this macro.

Wipe out the allocated memory to fix this.

Fixes #1505
h/t to @dvdhrm :)

[dvdhrm]

Lets see whether "Fixes #1505" is actually true, but looks good!

[poettering]

Oh, yuck. This one is nasty! Thanks for tracking this down.

Hmm, I wrote this following the precise description on the cmsg man page, which does not mention this:

       To create ancillary data, first initialize the msg_controllen member of the msghdr with the length of
       the control message buffer.  Use CMSG_FIRSTHDR() on the msghdr to get the first control  message  and
       CMSG_NXTHDR()  to  get  all  subsequent  ones.   In  each  control message, initialize cmsg_len (with
       CMSG_LEN()), the other cmsghdr header fields, and the data portion using CMSG_DATA().   Finally,  the
       msg_controllen  field of the msghdr should be set to the sum of the CMSG_SPACE() of the length of all
       control messages in the buffer. 

I figure we should let the manpages guys know that they should clarify that the memory needs to be NUL initialized...

I wonder if the cmsg_len check is a recent addition, or was always there

[poettering]

OK, I sent a mail to Michael about this, and put both of you in CC.