
backups: fix buffer overflow in tar2qfile

Buffer for directory headers history was too small. This can be
exploitable by some attacker capable of controlling backup stream, but
it isn't any security problem. We don't assume this part of backup
system to be trusted, the attacker can at most prevent user from
restoring some data, but will neither gain access to them, nor compromise
any other Qubes component. This is equivalent to bug in any other tool
used in backup vm (like FTP client) and the Qubes backup system is
designed specifically to minimize impact of such bugs.
Marek Marczykowski-Górecki, 10 years ago
parent
commit
7953af970d
1 changed file with 1 addition and 1 deletion

qubes-rpc/tar2qfile.c

@@ -756,7 +756,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
 #ifdef DEBUG
 			fprintf(stderr,"Inserting %s into register\n",path);
 #endif
-			dirs_headers_sent = realloc(dirs_headers_sent, sizeof (char*) * n_dirs++);
+			dirs_headers_sent = realloc(dirs_headers_sent, sizeof (char*) * (++n_dirs));
 			if (dirs_headers_sent == NULL)
 				return MEMORY_ALLOC_FAILED;
 			dirs_headers_sent[n_dirs-1] = malloc(sizeof (char) * (strlen(path)+1));
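
Review bot: On the changed realloc line, n_dirs is still incremented inside the size expression and the result is assigned straight back to dirs_headers_sent, so when realloc fails the old array is leaked and n_dirs already counts a slot that was never allocated. The side effect in the size argument is also what made the original off-by-one easy to miss (the post-increment sized the array for the old count while the write went to index n_dirs-1). Suggest reallocating into a temporary with an explicit size, e.g. `char **tmp = realloc(dirs_headers_sent, sizeof (char*) * (n_dirs + 1));`, returning MEMORY_ALLOC_FAILED if tmp is NULL, and only then assigning tmp to dirs_headers_sent and incrementing n_dirs. Separately, the malloc result stored in dirs_headers_sent[n_dirs-1] is not checked within the visible lines; if no check follows, it should get the same MEMORY_ALLOC_FAILED handling, since path comes from the untrusted backup stream.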