From a7415ab87fa5cc7cae356aa296e5c3fec4add1bf Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 31 Jan 2018 23:43:28 +0900
Subject: [PATCH] strv: fix buffer size calculation in strv_join_quoted()

Fixes #8056.

[fbui: the affected function was removed since v236+ (by commit
       2e59b24) so the patch is not needed by upstream which was at
       v237+ when the issue was found.]

rhel-only
Resolves: #1989245
---
 src/shared/strv.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/shared/strv.c b/src/shared/strv.c
index e27ac68151..416373b183 100644
--- a/src/shared/strv.c
+++ b/src/shared/strv.c
@@ -353,21 +353,18 @@ char *strv_join_quoted(char **l) {
         size_t allocated = 0, len = 0;
 
         STRV_FOREACH(s, l) {
-                /* assuming here that escaped string cannot be more
-                 * than twice as long, and reserving space for the
-                 * separator and quotes.
-                 */
                 _cleanup_free_ char *esc = NULL;
                 size_t needed;
 
-                if (!GREEDY_REALLOC(buf, allocated,
-                                    len + strlen(*s) * 2 + 3))
-                        goto oom;
-
                 esc = cescape(*s);
                 if (!esc)
                         goto oom;
 
+                /* reserving space for the escaped text, separator, quotes and NULL terminator. */
+                if (!GREEDY_REALLOC(buf, allocated,
+                                    len + strlen(esc) + 4))
+                        goto oom;
+
                 needed = snprintf(buf + len, allocated - len, "%s\"%s\"",
                                   len > 0 ? " " : "", esc);
                 assert(needed < allocated - len);
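Review bot: The added comment above the new `GREEDY_REALLOC` call says "NULL terminator", but the byte being reserved is the NUL string terminator, and the constant `4` in `len + strlen(esc) + 4` is not broken down. A reader therefore cannot check it against the format string `"%s\"%s\""` in the `snprintf` call that follows. I would write the comment as `/* escaped text + optional separator (1) + two quotes (2) + NUL terminator (1) */` so the coupling between the reserved size and the format is explicit. The unchanged `assert(needed < allocated - len)` remains the only guard if the two ever drift apart, and because `needed` is a `size_t` it also absorbs a negative `snprintf` return as a very large value. The loop body and the rest of strv_join_quoted() continue outside the hunk.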