nfs4_readlink_cb(), part of nfs_readlink_async() and indirectly of nfs_readlink() and nfs_readlink2(), presumes that the result of a v4 READLINK op is always NUL-terminated. That isn't guaranteed, and it is rarely the case when the result needs no NUL padding on the wire to reach a (typically, or perhaps always) four-byte multiple: the next byte in RAM is then NUL only by coincidence.
Under these conditions, memory is read beyond the end of the op result, at the very least corrupting the result returned to the caller, or even crashing if no NUL byte occurs in the remainder of the corresponding memory area.
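The defect described above is the classic "length-prefixed opaque treated as a C string" mistake: an XDR opaque carries an explicit length and is padded to a four-byte boundary, so a terminator is present only by accident. The following is an added example (not libnfs code, and not the patch for this issue) showing the bounds-checked way to turn such a result into a C string: decode the length, keep the data pointer and length together, check for an embedded NUL within the declared length, and append the terminator ourselves. The wire bytes, the struct name `linktext` and the function names are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Constructed stand-in for a decoded XDR opaque: a length plus a pointer
 * into the receive buffer. The bytes are NOT guaranteed NUL-terminated. */
struct linktext {
    uint32_t len;
    const char *data;
};

/* Constructed wire sample: XDR length 8, then "/tmp/foo" (already a
 * four-byte multiple, so no padding), then the next field's bytes.
 * Note that the byte following the link text is 'A', not NUL. */
static const unsigned char sample_wire[] = {
    0x00, 0x00, 0x00, 0x08,
    '/', 't', 'm', 'p', '/', 'f', 'o', 'o',
    'A', 'A', 'A', 'A'
};

/* Decode one XDR opaque from buf. Returns 0 on success, -1 if the
 * declared length (rounded up to the padded size) does not fit in buf. */
int xdr_decode_opaque(const unsigned char *buf, size_t buflen,
                      struct linktext *out)
{
    if (buf == NULL || out == NULL || buflen < 4)
        return -1;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    size_t padded = ((size_t)len + 3) & ~(size_t)3;   /* XDR 4-byte padding */
    if (padded > buflen - 4)
        return -1;
    out->len = len;
    out->data = (const char *)buf + 4;
    return 0;
}

/* 1 if strlen()/strdup() on lt->data would walk past the result,
 * i.e. no NUL byte exists within the declared length. */
int result_lacks_terminator(const struct linktext *lt)
{
    if (lt->len == 0)
        return 1;
    return memchr(lt->data, '\0', lt->len) == NULL;
}

/* Safe conversion: copy exactly len bytes and add the NUL ourselves.
 * Returns NULL on allocation failure or if the text contains an embedded
 * NUL (a symlink target cannot legitimately contain one). */
char *readlink_result_to_cstring(const struct linktext *lt)
{
    if (lt == NULL || (lt->len > 0 && lt->data == NULL))
        return NULL;
    if (lt->len > 0 && memchr(lt->data, '\0', lt->len) != NULL)
        return NULL;
    char *s = malloc((size_t)lt->len + 1);
    if (s == NULL)
        return NULL;
    if (lt->len > 0)
        memcpy(s, lt->data, lt->len);
    s[lt->len] = '\0';
    return s;
}

int main(void)
{
    struct linktext lt;
    if (xdr_decode_opaque(sample_wire, sizeof sample_wire, &lt) != 0) {
        fprintf(stderr, "decode failed\n");
        return 1;
    }
    printf("declared length: %u, terminator within result: %s\n",
           lt.len, result_lacks_terminator(&lt) ? "no" : "yes");
    char *target = readlink_result_to_cstring(&lt);
    if (target == NULL)
        return 1;
    printf("link target: \"%s\"\n", target);
    free(target);
    return 0;
}
```

The point of `result_lacks_terminator()` is diagnostic: on the sample above it reports that no NUL exists inside the eight declared bytes, which is exactly the situation in which a `strdup()`-style conversion reads the trailing `'A'` bytes and whatever follows them. The length-bounded copy gives `"/tmp/foo"` regardless of what sits after the result.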
(Closes #338 by @ma-rom.)