From 70756b3b4da53dce771176ffc71bd90dd5c7e040 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Wed, 7 Mar 2018 08:51:09 +0100
Subject: [PATCH] systemd-boot: fix off-by-one buffer overrun

We'd allocate a buffer of some size and then write zero to the byte one after.
---
 src/boot/efi/util.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c
index bff8ba8d206..cd75c13f2b4 100644
--- a/src/boot/efi/util.c
+++ b/src/boot/efi/util.c
@@ -327,16 +327,15 @@ EFI_STATUS file_read(EFI_FILE_HANDLE dir, CHAR16 *name, UINTN off, UINTN size, C
 return err;
 }
- buf = AllocatePool(size);
+ buf = AllocatePool(size + 1);
 err = uefi_call_wrapper(handle->Read, 3, handle, &size, buf);
 if (!EFI_ERROR(err)) {
 buf[size] = '\0';
 *content = buf;
 if (content_size) *content_size = size;
- } else {
+ } else
 FreePool(buf);
- }
 uefi_call_wrapper(handle->Close, 1, handle);
 return err;
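Review bot: The result of `AllocatePool(size + 1)` is handed to `handle->Read` and then indexed by `buf[size] = '\0'` without a NULL check, so an allocation failure in the boot loader becomes a write through a null pointer. A guard directly after the allocation would cover it while still releasing the handle: `if (!buf) { uefi_call_wrapper(handle->Close, 1, handle); return EFI_OUT_OF_RESOURCES; }`. The new `size + 1` also wraps to 0 when `size` is the maximum UINTN, which would again leave the buffer smaller than the read length. Whether a caller or the file-size lookup can produce such a value is not visible here, because file_read's body starts above the hunk, so an upper bound on `size` before the allocation is worth confirming.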