libfuse: null-terminate buffer in fuse_req_getgroups()

After reading the file /proc/$PID/task/$PID/status the buffer wasn't terminated with a null character. This could theoretically lead to buffer overrun by the subsequent strstr() call. Since the contents of the proc file are guaranteed to contain the pattern that strstr is looking for, this doesn't happen in normal situations. Add null termination for robustness. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
author: Miklos Szeredi <mszeredi@redhat.com> 2024-06-13 13:57:25 +0200
committer: Bernd Schubert <bernd.schubert@fastmail.fm> 2024-06-13 16:39:54 +0200
commit: 29f621af8d39d5a140da584ff6c1eb00147b5a56 (patch)
tree: 7625e541f78edc4ff36decc86a2cbae33ae9476e /lib
parent: 8bd873cbcc6037655c0a6cf2f63fe1f8f13c5a5e (diff)
download: libfuse-29f621af8d39d5a140da584ff6c1eb00147b5a56.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
index fc46882..74b0424 100644
--- a/lib/fuse_lowlevel.c
+++ b/lib/fuse_lowlevel.c
@@ -3353,6 +3353,7 @@ retry:
 		goto retry;
 	}
 
+	buf[ret] = '\0';
 	ret = -EIO;
 	s = strstr(buf, "\nGroups:");
 	if (s == NULL)
author	Miklos Szeredi <mszeredi@redhat.com>	2024-06-13 13:57:25 +0200
committer	Bernd Schubert <bernd.schubert@fastmail.fm>	2024-06-13 16:39:54 +0200
commit	29f621af8d39d5a140da584ff6c1eb00147b5a56 (patch)
tree	7625e541f78edc4ff36decc86a2cbae33ae9476e /lib
parent	8bd873cbcc6037655c0a6cf2f63fe1f8f13c5a5e (diff)
download	libfuse-29f621af8d39d5a140da584ff6c1eb00147b5a56.tar.gz