From 26873dd71656730d5744efb7fa595d529b3c9ae6 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Wed, 2 Jan 2019 12:02:35 +0100 Subject: [PATCH] getstoredxa: fix missing null termination in ts buffer As reported at https://forums.gentoo.org/viewtopic-p-8294330.html , the ts[] buffer was not null-terminated, which means that sscanf reads into uninitialized memory, and we could get garbage values for the timestamp. This could lead to false positives like: Error: corrupt file "/usr/share/zoneinfo/Africa/Libreville" Fix the issue by initializing the whole array to zero. Thanks to mike155 ( https://forums.gentoo.org/viewtopic-p-8294330.html#8294330 ) for the analysis! --- cshatag.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/cshatag.c b/cshatag.c index f92fc65..5d5caea 100644 --- a/cshatag.c +++ b/cshatag.c @@ -151,12 +151,14 @@ xa_t getstoredxa(FILE *f) * 1335974989.123456789 * 10 . 9 => len=20 */ - char ts[100]; + /* - * Initialize to zero-length string - if fgetxattr fails this is what we get + * Initialize to all-zero so that: + * 1) If fgetxattr fails we get a zero-length string + * 2) If fgetxattr suceeds we have at least one null terminator */ - ts[0]=0; - fgetxattr(fd, "user.shatag.ts", ts, sizeof(ts)); + char ts[100]={0}; + fgetxattr(fd, "user.shatag.ts", ts, sizeof(ts)-1); /* * If sscanf fails (because ts is zero-length) variables stay zero */
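Review bot: the return value of fgetxattr() is still discarded in the new call `fgetxattr(fd, "user.shatag.ts", ts, sizeof(ts)-1);`, so a failed read, an attribute that does not fit in the buffer, and a genuinely empty attribute all reach sscanf as the same zero-length string. The `={0}` initialisation together with the `sizeof(ts)-1` limit does guarantee a terminator, but it leaves termination implicit. Consider storing the result in an `ssize_t`, treating a negative value as "no stored timestamp" (and checking errno if an oversized or unreadable attribute should be reported rather than silently ignored), and otherwise writing the terminator explicitly at `ts[len]`. Minor: "suceeds" in the new comment should read "succeeds".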