commit cc79381d1af8e783b6164745018a174399f46004 from: Stefan Sperling date: Wed May 22 09:00:20 2019 UTC NUL-terminate empty logmsg buffer for strlcat(3) Because the logmsg output buffer was not NUL-terminated after allocation, strlcat(3) could append log message contents copied from the temporary file at a wrong memory location. In the case observed by me, this bug resulted in a broken commit object. commit - d4592c7c7aa8a7bf2d09aeb096625941be8bd1e3 commit + cc79381d1af8e783b6164745018a174399f46004 blob - 467007950a323a5927f0abb5ad9e5c8d86312e52 blob + 4b1cab455691db7d86ef399b4e219d16bad3e26c --- got/got.c +++ got/got.c @@ -2381,6 +2381,7 @@ collect_commit_logmsg(struct got_pathlist_head *commit err = got_error_from_errno("malloc"); goto done; } + (*logmsg)[0] = '\0'; len = 0; fp = fopen(a->logmsg_path, "r");
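Review bot: The added `(*logmsg)[0] = '\0';` in collect_commit_logmsg() has no comment saying that the later strlcat(3) appends depend on the buffer starting as an empty string, so a future cleanup could drop it as redundant. Add a one-line comment, or allocate with calloc(3) so the buffer is an empty string by construction. The allocation size is outside the visible context, so confirm it is always at least one byte before index 0 is written. The commit message names a broken commit object as the observed symptom; a regression test that commits with a log message read back from the temporary file and checks the stored message would keep this from returning.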