From dbcb8ed050f334490d133b0afaa44e00865ad32b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sigrid=20Solveig=20Hafl=C3=ADnud=C3=B3ttir?=
 <sigrid@ftrv.se>
Date: Mon, 10 Jul 2023 17:21:36 +0000
Subject: [PATCH] retry_realpath: check before possibly writing out of bounds

---
 src/devices/file.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/devices/file.c b/src/devices/file.c
index a208b8f..1fe3747 100644
--- a/src/devices/file.c
+++ b/src/devices/file.c
@@ -126,10 +126,11 @@ static char *
 retry_realpath(const char *file_name)
 {
 	char *r, p[PATH_MAX] = {'\0'}, *x;
+	int fnlen;
 	if(file_name == NULL) {
 		errno = EINVAL;
 		return NULL;
-	} else if(strlen(file_name) >= PATH_MAX) {
+	} else if((fnlen = strlen(file_name)) >= PATH_MAX) {
 		errno = ENAMETOOLONG;
 		return NULL;
 	}
@@ -137,6 +138,10 @@ retry_realpath(const char *file_name)
 		/* TODO: use a macro instead of '/' for absolute path first character so that other systems can work */
 		/* if a relative path, prepend cwd */
 		getcwd(p, sizeof(p));
+		if(strlen(p) + strlen(DIR_SEP_STR) + fnlen >= PATH_MAX) {
+			errno = ENAMETOOLONG;
+			return NULL;
+		}
 		strcat(p, DIR_SEP_STR); /* TODO: use a macro instead of '/' for the path delimiter */
 	}
 	strcat(p, file_name);