From d0f1dc654e8e7fe76f1386f24240dd4ae8644a51 Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Tue, 22 May 2018 16:08:50 +0200
Subject: [PATCH] core: ensure NUL terminated secret_key buffer
The secret_key is binary random data, so one shouldn't ever use it as a NUL terminated string directly. Still, just ensure that the entire buffer is always NUL terminated.
---
 src/nm-core-utils.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c
index 4b266ed563..9697b9bc38 100644
--- a/src/nm-core-utils.c
+++ b/src/nm-core-utils.c
@@ -2820,7 +2820,7 @@ nm_utils_secret_key_read (gsize *out_key_len, GError **error)
 /* RFC7217 mandates the key SHOULD be at least 128 bits.
 * Let's use twice as much. */
 key_len = 32;
- secret_key = g_malloc (key_len);
+ secret_key = g_malloc (key_len + 1);
 if (!nm_utils_random_bytes (secret_key, key_len)) {
 g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
@@ -2829,6 +2829,10 @@ nm_utils_secret_key_read (gsize *out_key_len, GError **error)
 goto out;
 }
+ /* the secret-key is binary. Still, ensure that it's NULL terminated, just like
+ * g_file_set_contents() does. */
+ secret_key[32] = '\0';
+
 key_mask = umask (0077);
 if (!g_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, error)) {
 g_prefix_error (error, "Can't write " NMSTATEDIR "/secret_key: ");
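Review bot: The terminator in the second hunk is written at a hard-coded index, `secret_key[32] = '\0';`, while the allocation in the first hunk is sized as `key_len + 1`. If `key_len` is ever lowered, that write lands past the end of the heap buffer, and if it is raised, it zeroes a byte inside the key before the key is written to disk. Indexing with the variable keeps the two in step: `secret_key[key_len] = '\0';`. The added comment also says "NULL terminated" where the commit message and the terminator itself mean NUL; `/* the secret-key is binary. Still, ensure that it's NUL terminated, just like` would match. The body of nm_utils_secret_key_read starts and ends outside both hunks, so the cleanup after `goto out` cannot be checked from here.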