From 1000000925fed2894ee7fefa7126b125799281a7 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 12 Jan 2024 04:44:48 +0900
Subject: [PATCH] json: add trailing NUL byte in
 json_dispatch_byte_array_iovec()

For safety.

Addresses https://github.com/systemd/systemd/pull/30879#discussion_r1448518226.
---
 src/shared/json.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/shared/json.c b/src/shared/json.c
index 47cd78b3965de..5bb447ba917b2 100644
--- a/src/shared/json.c
+++ b/src/shared/json.c
@@ -5007,7 +5007,7 @@ int json_dispatch_byte_array_iovec(const char *name, JsonVariant *variant, JsonD
 
         sz = json_variant_elements(variant);
 
-        buffer = new(uint8_t, sz);
+        buffer = new(uint8_t, sz + 1);
         if (!buffer)
                 return json_log(variant, flags, SYNTHETIC_ERRNO(ENOMEM), "Out of memory.");
 
@@ -5028,6 +5028,9 @@ int json_dispatch_byte_array_iovec(const char *name, JsonVariant *variant, JsonD
         }
         assert(k == sz);
 
+        /* Append a NUL byte for safety, like we do in memdup_suffix0() and others. */
+        buffer[sz] = 0;
+
         free_and_replace(iov->iov_base, buffer);
         iov->iov_len = sz;
         return 0;