hfsfuse: ensure readlink result is NUL terminated

This is required by libfuse, which needs a valid C string to determine the length of the returned link destination. Fixes a potential read and disclosure of uninitialized memory of up to PATH_MAX bytes when reading link destinations on a mounted filesystem. Bytes following PATH_MAX are terminated by FUSE. Thanks to @sbond75 for finding this.
0x09 · Apr 18, 2024 · 529cb8b · 529cb8b
1 parent ed7ad0b
commit 529cb8b
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/hfsfuse.c b/src/hfsfuse.c
@@ -118,11 +118,14 @@ static int hfsfuse_read(const char* path, char* buf, size_t size, off_t offset,
 }
 
 static int hfsfuse_readlink(const char* path, char* buf, size_t size) {
+	if(!size)
+		return -EINVAL;
 	struct fuse_file_info info;
 	if(hfsfuse_open(path,&info)) return -errno;
-	int bytes = hfsfuse_read(path,buf,size,0,&info);
+	int bytes = hfsfuse_read(path,buf,size-1,0,&info);
 	hfsfuse_release(NULL,&info);
 	if(bytes < 0) return -errno;
+	buf[bytes] = '\0';
 	return 0;
 }