Fix -k argument processing to avoid out-of-bounds memory accesses

Mangling of keyfile_dir and allocation of keyfile_path led to rare crashes (and Valgrind complaints). The error was introduced in 21f3a6b9.

Fix -k argument processing to avoid out-of-bounds memory accesses
Mangling of keyfile_dir and allocation of keyfile_path led to rare crashes (and Valgrind complaints). The error was introduced in 21f3a6b9.
3ddfc609 · Petr Špaček · b27acd9f · 3ddfc609
Commit 3ddfc609 authored 8 years ago by Petr Špaček
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -640,17 +640,18 @@ int main(int argc, char **argv)
 		char *_filename = basename(basename_storage);
 		int dirlen = strlen(keyfile_dir);
 		int namelen = strlen(_filename);
-		if (dirlen + namelen >= PATH_MAX) {
+		if (dirlen + 1 + namelen >= PATH_MAX) {
 			kr_log_error("[ ta ]: keyfile '%s' PATH_MAX exceeded\n",
 				     keyfile);
 			ret = EXIT_FAILURE;
 			goto cleanup;
 		}
-		keyfile_dir[dirlen] = '/';
+		keyfile_dir[dirlen++] = '/';
+		keyfile_dir[dirlen] = '\0';
 		auto_free char *keyfile_path = malloc(dirlen + namelen + 1);
-		memcpy(keyfile_path, keyfile_dir, dirlen + 1);
+		memcpy(keyfile_path, keyfile_dir, dirlen);
-		memcpy(keyfile_path + dirlen + 1, _filename, namelen + 1);
+		memcpy(keyfile_path + dirlen, _filename, namelen + 1);
 		int unmanaged = 0;