]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
portable: leave room for trailing NUL in metadata receive buffer
authorSyed Mohammed Nayyar <jmestwa@gmail.com>
Sun, 28 Jun 2026 11:22:43 +0000 (16:52 +0530)
committerLennart Poettering <lennart@poettering.net>
Tue, 30 Jun 2026 07:18:18 +0000 (09:18 +0200)
receive_portable_metadata() reads each item into a stack buffer of
PATH_MAX + NAME_MAX + 2 bytes, passes the full sizeof() as the recv
iovec length, and then NUL-terminates with iov_buffer[n] = 0. recvmsg()
can return n equal to the buffer size, so the terminator is written one
byte past the end.

Grow the buffer by one byte and cap the iovec at sizeof - 1, so a full
record is still received and the trailing NUL always fits, matching the
coredump-receive.c reader.

src/portable/portable.c

index 9d510118be284030f2d6fa7297832e1e9529b148..f0bdb40fd22f3d8a505c041875a26d53f0e50311 100644 (file)
@@ -214,8 +214,8 @@ static int receive_portable_metadata(
                  * but according to suggestions from the SELinux people this will change and it will probably
                  * be identical to NAME_MAX. For now we use that, but this should be updated one day when the
                  * final limit is known. */
-                char iov_buffer[PATH_MAX + NAME_MAX + 2];
-                struct iovec iov = IOVEC_MAKE(iov_buffer, sizeof(iov_buffer));
+                char iov_buffer[PATH_MAX + NAME_MAX + 2 + 1]; /* One extra byte for the trailing NUL we add below. */
+                struct iovec iov = IOVEC_MAKE(iov_buffer, sizeof(iov_buffer) - 1);
 
                 ssize_t n = receive_one_fd_iov(socket_fd, &iov, 1, 0, &fd);
                 if (n == -EIO)