From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Fri, 5 Mar 2021 20:19:44 +0000 (+0000)
Subject: dissect: avoid overflow access by NULLSTR_FOREACH
X-Git-Tag: v248-rc3~48
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4f67a5d92342d2420dcdfd3b840ba3531493f6b0;p=thirdparty%2Fsystemd.git

dissect: avoid overflow access by NULLSTR_FOREACH

NULLSTR_FOREACH expects two terminating NULs, but the joined string
for extension-release.d only had the canonical one.
Use a placeholder when joining and fix it manually.
---

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 997b265259b..f1d01f13c55 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -2270,9 +2270,11 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
 
         /* As per the os-release spec, if the image is an extension it will have a file
          * named after the image name in extension-release.d/ */
-        if (m->image_name)
-                paths[META_EXTENSION_RELEASE] = strjoina("/usr/lib/extension-release.d/extension-release.", m->image_name);
-        else
+        if (m->image_name) {
+                char *ext = strjoina("/usr/lib/extension-release.d/extension-release.", m->image_name, "0");
+                ext[strlen(ext) - 1] = '\0'; /* Extra \0 for NULSTR_FOREACH using placeholder from above */
+                paths[META_EXTENSION_RELEASE] = ext;
+        } else
                 log_debug("No image name available, will skip extension-release metadata");
 
         for (; n_meta_initialized < _META_MAX; n_meta_initialized ++) {