From 1dae5a549fe4ab99fd3a49a9edcf897a7b2b1844 Mon Sep 17 00:00:00 2001
From: Pawel Jakub Dawidek
Date: Sun, 22 Dec 2019 01:10:38 +0100
Subject: [PATCH] Fix possible off-by-one when dealing with readlink(2)
readlink(2) and readlinkat(2) don't append a null byte to the given buffer.
---
 libarchive/archive_read_disk_entry_from_file.c | 6 +++---
 test_utils/test_main.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/libarchive/archive_read_disk_entry_from_file.c b/libarchive/archive_read_disk_entry_from_file.c
index 45417e9ac..2a8cec8d1 100644
--- a/libarchive/archive_read_disk_entry_from_file.c
+++ b/libarchive/archive_read_disk_entry_from_file.c
@@ -249,11 +249,11 @@ archive_read_disk_entry_from_file(struct archive *_a,
 #if defined(HAVE_READLINK) || defined(HAVE_READLINKAT)
 if (S_ISLNK(st->st_mode)) {
- size_t linkbuffer_len = st->st_size + 1;
+ size_t linkbuffer_len = st->st_size;
 char *linkbuffer;
 int lnklen;
- linkbuffer = malloc(linkbuffer_len);
+ linkbuffer = malloc(linkbuffer_len + 1);
 if (linkbuffer == NULL) {
 archive_set_error(&a->archive, ENOMEM, "Couldn't read link data");
@@ -280,7 +280,7 @@ archive_read_disk_entry_from_file(struct archive *_a,
 free(linkbuffer);
 return (ARCHIVE_FAILED);
 }
- linkbuffer[lnklen] = 0;
+ linkbuffer[lnklen] = '\0';
 archive_entry_set_symlink(entry, linkbuffer);
 free(linkbuffer);
 }
diff --git a/test_utils/test_main.c b/test_utils/test_main.c
index 1b9af9a9c..1b44edf17 100644
--- a/test_utils/test_main.c
+++ b/test_utils/test_main.c
@@ -1863,7 +1863,7 @@ is_symlink(const char *file, int line,
 return (0);
 if (contents == NULL)
 return (1);
- linklen = readlink(pathname, buff, sizeof(buff) - 1);
+ linklen = readlink(pathname, buff, sizeof(buff) - 1);
 if (linklen < 0) {
 failure_start(file, line, "Can't read symlink %s", pathname);
 failure_finish(NULL);
-- 
2.47.2
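Review bot: In the first hunk of archive_read_disk_entry_from_file.c, the buffer size still comes from `st->st_size`, a value captured by an earlier stat and not re-checked here. If the link target grows between that stat and the read, or the filesystem reports a symlink `st_size` of 0, the likely result is a silently truncated target or a failed read instead of an overflow. This is inferred, because the readlink()/readlinkat() call lies between the two hunks and is not visible. A full read returns exactly `linkbuffer_len`, so truncation cannot be told apart afterwards, and the invariant deserves a comment at the allocation, e.g. `/* readlink() is bounded by linkbuffer_len; the +1 byte holds the terminator stored at linkbuffer[lnklen] */`. The same comment would help at the `sizeof(buff) - 1` bound in is_symlink() in test_utils/test_main.c, and `lnklen` is declared `int` although readlink() returns `ssize_t`.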