From f3715dc0d3a816060fb24a5b45612d3c1dee4827 Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Date: Mon, 11 Dec 2023 21:03:26 +0700
Subject: [PATCH] mgcp: reserve once byte for '\0' in mgcp_do_read()

We need to be able to terminate the received string in case it was
not nul-terminated by the sender (see mgcp_msg_terminate_nul()).

Change-Id: Icc878af7f671213bb516af62cb601914d86ff808
Fixes: CID#272990
---
 src/libosmo-mgcp-client/mgcp_client.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libosmo-mgcp-client/mgcp_client.c b/src/libosmo-mgcp-client/mgcp_client.c
index 8693b1b1c..cd7339105 100644
--- a/src/libosmo-mgcp-client/mgcp_client.c
+++ b/src/libosmo-mgcp-client/mgcp_client.c
@@ -758,7 +758,8 @@ static int mgcp_do_read(struct osmo_fd *fd)
 		return -1;
 	}
 
-	ret = read(fd->fd, msg->data, 4096 - 128);
+	/* msgb_tailroom() is basically (4096 - 128); -1 is for '\0' */
+	ret = read(fd->fd, msg->data, msgb_tailroom(msg) - 1);
 	if (ret <= 0) {
 		LOGPMGW(mgcp, LOGL_ERROR, "Failed to read: %s: %d='%s'\n",
 		     osmo_sock_get_name2(fd->fd), errno, strerror(errno));