https://bugs.gentoo.org/911583
https://github.com/systemd/systemd/issues/28635
https://github.com/systemd/systemd/commit/b456f2266afd839f8817235475e57c38e9d76dc9

From b456f2266afd839f8817235475e57c38e9d76dc9 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 2 Aug 2023 14:55:50 +0200
Subject: [PATCH] varlink: allocate the buffer for varlink FDs on the heap

Since it's ~16K, which might cause issues in environments with limited
stack space.

Resolves: #28635
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -633,7 +633,7 @@ static int varlink_write(Varlink *v) {
 #define VARLINK_FDS_MAX (16U*1024U)
 
 static int varlink_read(Varlink *v) {
-        CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int) * VARLINK_FDS_MAX)) control;
+        _cleanup_free_ struct cmsghdr *cmsg_fds = NULL;
         struct iovec iov;
         struct msghdr mh;
         size_t rs;
@@ -690,9 +690,13 @@ static int varlink_read(Varlink *v) {
                 mh = (struct msghdr) {
                         .msg_iov = &iov,
                         .msg_iovlen = 1,
-                        .msg_control = &control,
-                        .msg_controllen = sizeof(control),
                 };
+
+                mh.msg_controllen = CMSG_SPACE(sizeof(int) * VARLINK_FDS_MAX);
+                mh.msg_control = cmsg_fds = malloc(mh.msg_controllen);
+                if (!cmsg_fds)
+                        return -ENOMEM;
+
                 n = recvmsg_safe(v->fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
         } else {
                 bool prefer_read = v->prefer_read_write;