From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: Sun, 22 Dec 2019 00:10:38 +0000 (+0100)
Subject: Fix possible off-by-one when dealing with readlink(2)
X-Git-Tag: v3.4.1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1dae5a549fe4ab99fd3a49a9edcf897a7b2b1844;p=thirdparty%2Flibarchive.git

Fix possible off-by-one when dealing with readlink(2)

readlink(2) and readlinkat(2) don't append a null byte to the given buffer.
---

diff --git a/libarchive/archive_read_disk_entry_from_file.c b/libarchive/archive_read_disk_entry_from_file.c
index 45417e9ac..2a8cec8d1 100644
--- a/libarchive/archive_read_disk_entry_from_file.c
+++ b/libarchive/archive_read_disk_entry_from_file.c
@@ -249,11 +249,11 @@ archive_read_disk_entry_from_file(struct archive *_a,
 
 #if defined(HAVE_READLINK) || defined(HAVE_READLINKAT)
 	if (S_ISLNK(st->st_mode)) {
-		size_t linkbuffer_len = st->st_size + 1;
+		size_t linkbuffer_len = st->st_size;
 		char *linkbuffer;
 		int lnklen;
 
-		linkbuffer = malloc(linkbuffer_len);
+		linkbuffer = malloc(linkbuffer_len + 1);
 		if (linkbuffer == NULL) {
 			archive_set_error(&a->archive, ENOMEM,
 			    "Couldn't read link data");
@@ -280,7 +280,7 @@ archive_read_disk_entry_from_file(struct archive *_a,
 			free(linkbuffer);
 			return (ARCHIVE_FAILED);
 		}
-		linkbuffer[lnklen] = 0;
+		linkbuffer[lnklen] = '\0';
 		archive_entry_set_symlink(entry, linkbuffer);
 		free(linkbuffer);
 	}
diff --git a/test_utils/test_main.c b/test_utils/test_main.c
index 1b9af9a9c..1b44edf17 100644
--- a/test_utils/test_main.c
+++ b/test_utils/test_main.c
@@ -1863,7 +1863,7 @@ is_symlink(const char *file, int line,
 		return (0);
 	if (contents == NULL)
 		return (1);
-	linklen = readlink(pathname, buff, sizeof(buff));
+	linklen = readlink(pathname, buff, sizeof(buff) - 1);
 	if (linklen < 0) {
 		failure_start(file, line, "Can't read symlink %s", pathname);
 		failure_finish(NULL);