From fe2d37295eeb6bfa6345cfa9648edbec58d0c485 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Fri, 8 Jul 2016 14:47:20 +0100
Subject: [PATCH] virconf: fix off-by-1 when appending \n to config file

If the config file does not end with a \n, the parser will append
one. When re-allocating the array though, it is mistakenly assuming
that 'len' is the length including the trailing NUL, but it does
not. So we must add 2 to len, when reallocating, not 1.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 src/util/virconf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virconf.c b/src/util/virconf.c
index 7c98588dba..33e7744c32 100644
--- a/src/util/virconf.c
+++ b/src/util/virconf.c
@@ -779,7 +779,7 @@ virConfReadFile(const char *filename, unsigned int flags)
 
     if (len && len < MAX_CONFIG_FILE_SIZE && content[len - 1] != '\n') {
         VIR_DEBUG("appending newline to busted config file %s", filename);
-        if (VIR_REALLOC_N(content, len + 1) < 0)
+        if (VIR_REALLOC_N(content, len + 2) < 0)
             goto cleanup;
         content[len++] = '\n';
         content[len] = '\0';
-- 
2.47.2