lib/path: fix possible out of boundary access

If fgets reads from a file starting with a NUL byte in ul_path_cpuparse,
then the check for newline leads to an out of boundary access.

Proof of Concept (compile with --enable-asan):

1. Prepare /tmp/poc with required files
```
$ install -d /tmp/poc/sys/devices/system/cpu
$ dd if=/dev/zero of=/tmp/poc/sys/devices/system/cpu/possible bs=1 count=1
$ install -D /dev/null /tmp/poc/proc/cpuinfo
```

2. Run lscpu with sysroot option
```
$ lscpu --sysroot /tmp/poc
=================================================================
==78238==ERROR: AddressSanitizer: heap-buffer-overflow
```

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/lib/path.c b/lib/path.c
index 95a6b8b895a6e750ad6629c16e3a5ac363c89c67..1a8a21c124e6c2de15c44e998d2bc4c6b6a41a1f 100644 (file)
--- a/lib/path.c
+++ b/lib/path.c
@@ -1036,7 +1036,7 @@ static int ul_path_cpuparse(struct path_cxt *pc, cpu_set_t **set, int maxcpus, i
                return rc;
 
        len = strlen(buf);
-       if (buf[len - 1] == '\n')
+       if (len > 0 && buf[len - 1] == '\n')
                buf[len - 1] = '\0';
 
        *set = cpuset_alloc(maxcpus, &setsize, NULL);