From 0ffe9d4abce5a27ea4e66c4f1dd9e63d64ae3cff Mon Sep 17 00:00:00 2001
From: Kevin Day <kevin@kevux.org>
Date: Mon, 10 Apr 2023 22:36:34 -0500
Subject: [PATCH] Security: fl_directory_list() is not appending a NULL.

If any of these strings are passed to standard library functions that expect NULL terminated strings, then an invalid read access can occur.
---
 level_1/fl_directory/c/private-directory.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/level_1/fl_directory/c/private-directory.c b/level_1/fl_directory/c/private-directory.c
index 42bee9d..55f4eb2 100644
--- a/level_1/fl_directory/c/private-directory.c
+++ b/level_1/fl_directory/c/private-directory.c
@@ -543,10 +543,11 @@ extern "C" {
 
       names->array[names->used].used = 0;
 
-      status = f_string_dynamic_increase_by(name_directory.used, &names->array[names->used]);
+      status = f_string_dynamic_increase_by(name_directory.used + 1, &names->array[names->used]);
       if (F_status_is_error(status)) break;
 
       memcpy(names->array[names->used].string, name_directory.string, sizeof(f_char_t) * name_directory.used);
+      names->array[names->used].string[name_directory.used] = 0;
       names->array[names->used++].used = name_directory.used;
 
       f_memory_resize(1, 0, sizeof(f_char_t *), (void **) & entity[i]);
-- 
1.8.3.1