lib/path: fix possible out of boundary access

If fgets reads from a file starting with a NUL byte in ul_path_cpuparse,
then the check for newline leads to an out of boundary access.

Proof of Concept (compile with --enable-asan):

1. Prepare /tmp/poc with required files
```
$ install -d /tmp/poc/sys/devices/system/cpu
$ dd if=/dev/zero of=/tmp/poc/sys/devices/system/cpu/possible bs=1 count=1
$ install -D /dev/null /tmp/poc/proc/cpuinfo
```

2. Run lscpu with sysroot option
```
$ lscpu --sysroot /tmp/poc
=================================================================
==78238==ERROR: AddressSanitizer: heap-buffer-overflow
```

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/lib/path.c b/lib/path.c
index 9d4d3585b1884568b38dcd4db09ae841ef9b5e4c..53bb7986874add61c0250e2b1c6432f3fb662384 100644 (file)
--- a/lib/path.c
+++ b/lib/path.c
@@ -1042,7 +1042,7 @@ static int ul_path_cpuparse(struct path_cxt *pc, cpu_set_t **set, int maxcpus, i
                goto out;
 
        len = strlen(buf);
-       if (buf[len - 1] == '\n')
+       if (len > 0 && buf[len - 1] == '\n')
                buf[len - 1] = '\0';
 
        *set = cpuset_alloc(maxcpus, &setsize, NULL);