File 0003-icon-validator-portal-Guard-against-overlong-symlink-targets.patch of Package flatpak.25785
From 32f57561279becef6f1461d6e73d7c7f372eaed0 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Tue, 30 Apr 2019 18:25:50 +0100
Subject: [PATCH] icon-validator, portal: Guard against overlong symlink
targets
If the buffer is too small, readlink() returns the number of bytes that
would have been stored if the buffer had been large enough.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #2873
Approved by: matthiasclasen
(cherry picked from commit 89dc344ccb047fad680ee47b10ca123895f3d224)
Closes: #3115
Approved by: alexlarsson
---
icon-validator/validate-icon.c | 2 +-
portal/flatpak-portal.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/icon-validator/validate-icon.c b/icon-validator/validate-icon.c
index 6e23d9f23..6c4cae20a 100644
--- a/icon-validator/validate-icon.c
+++ b/icon-validator/validate-icon.c
@@ -136,7 +136,7 @@ rerun_in_sandbox (const char *arg_width,
ssize_t symlink_size;
symlink_size = readlink ("/proc/self/exe", validate_icon, sizeof (validate_icon) - 1);
- if (symlink_size < 0)
+ if (symlink_size < 0 || (size_t) symlink_size >= sizeof (validate_icon))
{
g_printerr ("Error: failed to read /proc/self/exe\n");
return 1;
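Review bot: The added comparison `(size_t) symlink_size >= sizeof (validate_icon)` can never be true here, because readlink() is passed `sizeof (validate_icon) - 1` as the buffer size and returns at most that many bytes; an overlong target is truncated silently, not reported through the return value. To reject a truncated path, treat a completely filled buffer as failure: `if (symlink_size < 0 || (size_t) symlink_size >= sizeof (validate_icon) - 1)`. The same applies to the portal/flatpak-portal.c hunk, where the condition would become `exe_path_len > 0 && (size_t) exe_path_len < sizeof (exe_path) - 1`. Without this, a truncated /proc/self/exe path is accepted as the real executable path; how it is used afterwards is not visible, since the body of rerun_in_sandbox continues outside the hunk.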
diff --git a/portal/flatpak-portal.c b/portal/flatpak-portal.c
index 868ea6420..5c4f2fe9f 100644
--- a/portal/flatpak-portal.c
+++ b/portal/flatpak-portal.c
@@ -907,7 +907,7 @@ main (int argc,
}
exe_path_len = readlink ("/proc/self/exe", exe_path, sizeof (exe_path) - 1);
- if (exe_path_len > 0)
+ if (exe_path_len > 0 && (size_t) exe_path_len < sizeof (exe_path))
{
exe_path[exe_path_len] = 0;
GFileMonitor *monitor;