dissect: avoid overflow access by NULLSTR_FOREACH

NULLSTR_FOREACH expects two terminating NULs, but the joined string
for extension-release.d only had the canonical one.
Use a placeholder when joining and fix it manually.

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 997b265259bde7a1c5584499569322c3038ac7e8..f1d01f13c55c983753b05d385e37f90a9c1821cc 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -2270,9 +2270,11 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
 
         /* As per the os-release spec, if the image is an extension it will have a file
          * named after the image name in extension-release.d/ */
-        if (m->image_name)
-                paths[META_EXTENSION_RELEASE] = strjoina("/usr/lib/extension-release.d/extension-release.", m->image_name);
-        else
+        if (m->image_name) {
+                char *ext = strjoina("/usr/lib/extension-release.d/extension-release.", m->image_name, "0");
+                ext[strlen(ext) - 1] = '\0'; /* Extra \0 for NULSTR_FOREACH using placeholder from above */
+                paths[META_EXTENSION_RELEASE] = ext;
+        } else
                 log_debug("No image name available, will skip extension-release metadata");
 
         for (; n_meta_initialized < _META_MAX; n_meta_initialized ++) {