From 5399935ca8713d8cae92610f87f7ad6b4d161a5a Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Tue, 24 Aug 2021 21:29:16 +0200
Subject: [PATCH] utils: NUL terminate readlinkat buffer

make sure the buffer used by readlinkat is NUL terminated otherwise symlinks targets copied by "tmpcopyup" could be mangled.
Closes: /~https://github.com/containers/crun/issues/719
Signed-off-by: Giuseppe Scrivano
---
 NEWS | 1 +
 src/libcrun/utils.c | 10 +++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/NEWS b/NEWS
index 42b6707805..34a4da5aeb 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@
 - linux: treat pidfd_open failures EINVAL as ESRCH
 - cgroup: add support for setting memory.use_hierarchy on cgroup v1.
 - Makefile.am: fix link error when using directly libcrun.
+- Fix symlink target mangling for tmpcopyup targets.
 * crun-0.21
diff --git a/src/libcrun/utils.c b/src/libcrun/utils.c
index 0ddb75c4e5..e5db288050 100644
--- a/src/libcrun/utils.c
+++ b/src/libcrun/utils.c
@@ -1906,18 +1906,18 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char
 break;
 case S_IFLNK:
- buf_size = st_size + 1;
- target_buf = xmalloc (buf_size);
-
+ buf_size = st_size;
 do
 {
- buf_size += 1024;
+ if (target_buf != NULL)
+ buf_size += 1024;
- target_buf = xrealloc (target_buf, buf_size);
+ target_buf = xrealloc (target_buf, buf_size + 1);
 size = readlinkat (dirfd (dsrcfd), de->d_name, target_buf, buf_size);
 if (UNLIKELY (size < 0))
 return crun_make_error (err, errno, "readlink `%s/%s`", srcname, de->d_name);
+ target_buf[size] = '\0';
 }
 while (size == buf_size);
 ret = symlinkat (target_buf, destdirfd, de->d_name);
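Review bot: Starting the loop with `buf_size = st_size;` hands `readlinkat` a length equal to the reported link size, so a complete read already returns `size == buf_size` and the `while` condition forces a second realloc-and-read pass for every symlink. It also means a link whose stat size is reported as 0 (some filesystems do this) reaches `readlinkat` with a zero length, which Linux rejects with EINVAL, whereas the old code never passed less than 1025. Initialising with `buf_size = st_size + 1;` keeps the new NUL termination in bounds (the allocation stays `buf_size + 1`) and avoids both cases. The `if (target_buf != NULL)` guard assumes `target_buf` is NULL each time this case is entered; its declaration and the origin of `st_size` are outside the hunk, as are the start and end of copy_recursive_fd_to_fd, so that is worth confirming.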