From d752a0099c7907a380b005a213a5f5b03ba17b1b Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Sat, 28 Jul 2018 15:23:25 +0930 Subject: [PATCH] gossip_msg: make sure alias is NUL-terminated. Valgrind error file: valgrind-errors.772802 ==772802== Invalid read of size 1 ==772802== at 0x4C32D04: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==772802== by 0x14479C: escape (json_escaped.c:41) ==772802== by 0x144B6C: json_escape (json_escaped.c:117) ==772802== by 0x118518: json_getnodes_reply (gossip_control.c:209) ==772802== by 0x139394: sd_msg_reply (subd.c:281) ==772802== by 0x139972: sd_msg_read (subd.c:418) ==772802== by 0x17ABB1: next_plan (io.c:59) ==772802== by 0x17B6A9: do_plan (io.c:387) ==772802== by 0x17B6E7: io_ready (io.c:397) ==772802== by 0x17D2C8: io_loop (poll.c:310) ==772802== by 0x121973: main (lightningd.c:450) ==772802== Address 0x6fe5168 is 0 bytes after a block of size 72 alloc'd ==772802== at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==772802== by 0x18843E: allocate (tal.c:245) ==772802== by 0x18899D: tal_alloc_ (tal.c:421) ==772802== by 0x188B5E: tal_alloc_arr_ (tal.c:464) ==772802== by 0x119BAB: fromwire_gossip_getnodes_entry (gossip_msg.c:35) ==772802== by 0x15CCD6: fromwire_gossip_getnodes_reply (gen_gossip_wire.c:111) ==772802== by 0x118436: json_getnodes_reply (gossip_control.c:192) ==772802== by 0x139394: sd_msg_reply (subd.c:281) ==772802== by 0x139972: sd_msg_read (subd.c:418) ==772802== by 0x17ABB1: next_plan (io.c:59) ==772802== by 0x17B6A9: do_plan (io.c:387) ==772802== by 0x17B6E7: io_ready (io.c:397) Signed-off-by: Rusty Russell
---
 lightningd/gossip_msg.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lightningd/gossip_msg.c b/lightningd/gossip_msg.c
index 3fc3f4e02..659bbcfa7 100644
--- a/lightningd/gossip_msg.c
+++ b/lightningd/gossip_msg.c
@@ -32,8 +32,9 @@ struct gossip_getnodes_entry *fromwire_gossip_getnodes_entry(const tal_t *ctx,
 return NULL;
 }
 }
- entry->alias = tal_arr(entry, u8, fromwire_u8(pptr, max));
- fromwire(pptr, max, entry->alias, tal_len(entry->alias));
+ /* Make sure alias is NUL terminated */
+ entry->alias = tal_arrz(entry, u8, fromwire_u8(pptr, max)+1);
+ fromwire(pptr, max, entry->alias, tal_count(entry->alias)-1);
 fromwire(pptr, max, entry->color, sizeof(entry->color));
 return entry;