debuginfod-client: Fix out-of-bounds write

Return early from path_escape when '\0' is seen in order to prevent
an out-of-bounds write to the dest buffer.

Signed-off-by: Aaron Merey <amerey@redhat.com>

diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index d097ca49d6e6309bbec11c8e966904a3c13ddfae..0c4a00cf9c6a0828e23237b29f9a77f9ba14639a 100644 (file)
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -595,8 +595,7 @@ path_escape (const char *src, char *dest)
       {
       case '\0':
         dest[q] = '\0';
-        q = PATH_MAX-1; /* escape for loop too */
-        break;
+       return;
       case '/': /* escape / to prevent dir escape */
         dest[q++]='#';
         dest[q++]='#';