receive_portable_metadata() reads each item into a stack buffer of
PATH_MAX + NAME_MAX + 2 bytes, passes the full sizeof() as the recv
iovec length, and then NUL-terminates with iov_buffer[n] = 0. recvmsg()
can return n equal to the buffer size, so the terminator is written one
byte past the end.
Grow the buffer by one byte and cap the iovec at sizeof - 1, so a full
record is still received and the trailing NUL always fits, matching the
coredump-receive.c reader.
* but according to suggestions from the SELinux people this will change and it will probably
* be identical to NAME_MAX. For now we use that, but this should be updated one day when the
* final limit is known. */
- char iov_buffer[PATH_MAX + NAME_MAX + 2];
- struct iovec iov = IOVEC_MAKE(iov_buffer, sizeof(iov_buffer));
+ char iov_buffer[PATH_MAX + NAME_MAX + 2 + 1]; /* One extra byte for the trailing NUL we add below. */
+ struct iovec iov = IOVEC_MAKE(iov_buffer, sizeof(iov_buffer) - 1);
ssize_t n = receive_one_fd_iov(socket_fd, &iov, 1, 0, &fd);
if (n == -EIO)