chiark / gitweb /
remove buffer-overrun risk in readlink call
authorMathias Nyman <mathias.nyman@nokia.com>
Wed, 21 Apr 2010 10:52:52 +0000 (13:52 +0300)
committerMartin Pitt <martin.pitt@ubuntu.com>
Wed, 21 Apr 2010 11:41:14 +0000 (13:41 +0200)
readlink does not write a nul character to the end of the
string it returns. Therefore ask for one fewer character
than the buffer size so there's always room for an extra \0.

Signed-off-by: Mathias Nyman <mathias.nyman@nokia.com>
Signed-off-by: Phil Carmody <ext-phil.2.carmody@nokia.com>
Signed-off-by: Martin Pitt <martin.pitt@ubuntu.com>
udev/udev-node.c

index 2a2c2cf..ceb1d52 100644 (file)
@@ -163,7 +163,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink)
                        int len;
 
                        dbg(udev, "found existing symlink '%s'\n", slink);
-                       len = readlink(slink, buf, sizeof(buf));
+                       len = readlink(slink, buf, sizeof(buf) - 1);
                        if (len > 0) {
                                buf[len] = '\0';
                                if (strcmp(target, buf) == 0) {