return(-1);
}
len = readlink(nm, target,
- sb.st_size);
+ sb.st_size + 1);
if (len == -1) {
syswarn(0, errno,
"cannot follow symlink %s in chain for %s",
res = -1;
goto badlink;
}
+ if (len > sb.st_size) {
+ syswarn(0, errno,
+ "symlink %s increased in size between lstat() and readlink() for %s",
+ nm, arcn->name);
+
+ res = -1;
+ goto badlink;
+ }
target[len] = '\0';
nm = target;
}