file_util.c: fix possible bad memory access in file_read_line_alloc()

In the case of a zero length string being returned by fgets(), the condition
checking for a trailing new line would perform a bad memory access outside
of `buf`. This might happen when line with a leading null byte is read.

Avoid this case by checking that the string has a length of at least one
byte. Also change the unsigned int types to size_t to store length values
while we're at it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/libopkg/file_util.c b/libopkg/file_util.c
index 7e955edd1635f7f0849d3ac1c024990ce20e6042..c0acec3f8f6abaeb4a69507559a28406ba129f82 100644 (file)
--- a/libopkg/file_util.c
+++ b/libopkg/file_util.c
@@ -59,17 +59,14 @@ int file_is_dir(const char *file_name)
 */
 char *file_read_line_alloc(FILE * fp)
 {
+       size_t buf_len, line_size;
        char buf[BUFSIZ];
-       unsigned int buf_len;
        char *line = NULL;
-       unsigned int line_size = 0;
        int got_nl = 0;
 
-       buf[0] = '\0';
-
        while (fgets(buf, BUFSIZ, fp)) {
                buf_len = strlen(buf);
-               if (buf[buf_len - 1] == '\n') {
+               if (buf_len > 0 && buf[buf_len - 1] == '\n') {
                        buf_len--;
                        buf[buf_len] = '\0';
                        got_nl = 1;