libssh2: error check and null-terminate in ssh_state_sftp_readdir_link()
- null-terminate the result to match the other getter
`libssh2_sftp_symlink_ex()` call.
- check negative result and bail out early.
Reported-by: Joshua Rogers
Closes #18598
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 5dfc377..73d4807 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -2405,6 +2405,12 @@
curlx_dyn_free(&sshp->readdir_link);
+ if(rc < 0)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* It seems that this string is not always null-terminated */
+ sshp->readdir_filename[rc] = '\0';
+
/* append filename and extra output */
result = curlx_dyn_addf(&sshp->readdir, " -> %s", sshp->readdir_filename);
if(result)
