efi: as extra paranoia NUL terminate UTF-16 strings with three NUL bytes
authorLennart Poettering <lennart@poettering.net>
Wed, 27 May 2020 14:22:07 +0000 (16:22 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 27 Jul 2020 08:26:32 +0000 (10:26 +0200)
This is a safety net anyway, let's make it fully safe: if the data ends
on an uneven byte, then we need to complete the UTF-16 codepoint first,
before adding the final NUL byte pair. Hence let's suffix with three
NULs, instead of just two.

(cherry picked from commit c75e7da0b53dd67363b724502e91901e89097886)

src/basic/efivars.c

index 6b6f461446d2cc866257d1be5902b15fe280d7ed..496b5d4d44f280bec020e6355192e1e11e52758f 100644 (file)
@@ -101,7 +101,8 @@ int efi_get_variable(
                                 return -errno;
                         if (try >= EFI_N_RETRIES)
                                 return -EBUSY;
-                        usleep(EFI_RETRY_DELAY);
+
+                        (void) usleep(EFI_RETRY_DELAY);
                 }
 
                 if (n != sizeof(a))
@@ -109,7 +110,7 @@ int efi_get_variable(
         }
 
         if (ret_value) {
-                buf = malloc(st.st_size - 4 + 2);
+                buf = malloc(st.st_size - 4 + 3);
                 if (!buf)
                         return -ENOMEM;
 
@@ -118,9 +119,10 @@ int efi_get_variable(
                         return -errno;
                 assert(n <= st.st_size - 4);
 
-                /* Always NUL terminate (2 bytes, to protect UTF-16) */
+                /* Always NUL terminate (3 bytes, to properly protect UTF-16, even if truncated in the middle of a character) */
                 ((char*) buf)[n] = 0;
                 ((char*) buf)[n + 1] = 0;
+                ((char*) buf)[n + 2] = 0;
         } else
                 /* Assume that the reported size is accurate */
                 n = st.st_size - 4;
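Review bot: The terminator length is now written out in three places that must stay in step: the `+ 3` in the `malloc()` of the previous hunk, the comment here, and the three stores at `buf[n]` through `buf[n + 2]`. A later edit that changes one without the others turns this safety net into an out-of-bounds write. One named constant used for both the allocation and a single clear, e.g. `memset((char*) buf + n, 0, EFI_NUL_PAD);` (the constant name is a placeholder, not from the tree), would keep them tied together. The stores are in bounds only while `n <= st.st_size - 4`, which the visible `assert` states. The read that sets `n` and any check that `st.st_size >= 4` lie outside these hunks, so confirm the bound does not rest on the assert alone in builds where asserts are compiled out. The body of `efi_get_variable` starts and ends outside the hunk.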