From 9600172374af39f605baa13be0e60887a6469d3f Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Wed, 11 Feb 2015 19:07:22 +0000
Subject: [PATCH 2/2] [fix for 3/5] verify that security label has no embedded
 \0

---
 dbus/dbus-sysdeps-unix.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
index 2184cea..8010df1 100644
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@@ -1728,7 +1728,23 @@ add_linux_security_label_to_credentials (int              client_fd,
       len--;
     }
 
-  _dbus_string_set_length (&buf, len);
+  if (!_dbus_string_set_length (&buf, len))
+    {
+      _dbus_assert_not_reached ("shortening string should not lead to OOM");
+      oom = TRUE;
+      goto out;
+    }
+
+  if (strlen (_dbus_string_get_const_data (&buf)) != len)
+    {
+      /* LSM people on the linux-security-module@ mailing list say this
+       * should never happen: the label should be a bytestring with
+       * an optional trailing \0 */
+      _dbus_verbose ("security label from kernel had an embedded \\0, "
+                     "ignoring it\n");
+      goto out;
+    }
+
   _dbus_verbose ("getsockopt(SO_PEERSEC): %lu bytes excluding \\0: %s\n",
                  (unsigned long) len,
                  _dbus_string_get_const_data (&buf));
-- 
2.1.4