Potential vulnerability in cloned code

Summary

I identified potential vulnerabilities in a cloned function read_file() in src/util/readfile.c sourced from GNU. This issue, originally reported in CVE-2019-13636, was resolved in the repository via this commit GNU@dce4683.

Proposed fix

Based on the patch, the read_file() function can open a filename with the O_NOFOLLOW flag to avoid potential symlink attacks.

References

https://nvd.nist.gov/vuln/detail/cve-2019-13636
https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
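
The mitigation described under "Proposed fix", as an added C example that is not part of the original report and is neither the GNU patch commit nor this project's read_file(). The names read_file_nofollow() and demo_symlink_rejected() are hypothetical, and the file and symlink created under /tmp are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not the project's read_file()); NULL + errno on failure. */
char *read_file_nofollow(const char *path, size_t *len)
{
    /* O_NOFOLLOW: open() fails (ELOOP per POSIX) if the final component is a symlink. */
    int err = 0, fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return NULL;
    struct stat st;
    char *buf = NULL;
    size_t used = 0;
    /* fstat() the descriptor, not the path, so the check and the read agree. */
    if (fstat(fd, &st) != 0) err = errno;
    else if (!S_ISREG(st.st_mode)) err = EINVAL;   /* refuse FIFOs, devices, dirs */
    else if (!(buf = malloc((size_t)st.st_size + 1))) err = ENOMEM;
    while (!err && used < (size_t)st.st_size) {
        ssize_t n = read(fd, buf + used, (size_t)st.st_size - used);
        if (n > 0) used += (size_t)n;
        else if (n == 0) break;                    /* file shrank; keep what was read */
        else if (errno != EINTR) err = errno;
    }
    close(fd);
    if (err) { free(buf); errno = err; return NULL; }
    buf[used] = '\0';
    if (len) *len = used;
    return buf;
}

/* Constructed scenario: returns 1 if a direct read works and a symlink is refused. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/nofollow-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    FILE *f = fopen(file, "w");
    if (!f || fputs("hello", f) < 0 || fclose(f) != 0 || symlink(file, lnk) != 0) return -1;
    size_t n = 0;
    char *direct = read_file_nofollow(file, &n), *via = read_file_nofollow(lnk, NULL);
    int ok = direct && n == 5 && !strcmp(direct, "hello") && !via && errno == ELOOP;
    free(direct); free(via); unlink(lnk); unlink(file); rmdir(dir);
    return ok;
}
```

O_NOFOLLOW only covers the final path component; symlinks in parent directories are still resolved.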