From 8720c8e576671c7b7c1d65392fcb7fc3cdbc3fbd Mon Sep 17 00:00:00 2001
From: Eric Paris
Date: Mon, 23 Apr 2012 16:13:46 -0400
Subject: [PATCH] libsepol: allocate enough space to hold filename in trans rules
There is an off by one bug in which the filename length stored with filename_trans_rules is stored as strlen (aka, no nul) however the code to allocate space and read the name back in from policy only allocates len, and not the len + 1 needed to hold the nul. Allocate enough space for the nul.
Signed-off-by: Eric Paris
Acked-by: Dan Walsh
---
 libsepol/src/policydb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index a84de2ff..ff292f68 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -2380,7 +2380,7 @@ int filename_trans_read(filename_trans_t **t, struct policy_file *fp)
 return -1;
 len = le32_to_cpu(buf[0]);
- name = calloc(len, sizeof(*name));
+ name = calloc(len + 1, sizeof(*name));
 if (!name)
 return -1;
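Review bot: `len + 1` in the new `calloc` call is computed from a value taken directly from the policy file (`len = le32_to_cpu(buf[0]);`) with no bound check in the visible lines, so a stored length of 0xFFFFFFFF would wrap to 0 if `len` is a 32-bit unsigned (its declaration is outside the hunk). `calloc(0, ...)` may return a non-NULL pointer, which would pass the `if (!name)` check and leave a zero-sized buffer for whatever read follows. Rejecting the saturated value before allocating closes that, e.g. `if (len == UINT32_MAX) return -1;`, ideally together with an upper limit on a sane filename length. A short comment such as `/* len excludes the terminating NUL; calloc zero-fills the extra byte */` would also record why the `+ 1` is there. The body of filename_trans_read starts and ends outside the hunk, so how `name` is filled and freed afterwards cannot be confirmed from here.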