From: Mathias Nyman <mathias.nyman@nokia.com>
Date: Wed, 21 Apr 2010 10:52:52 +0000 (+0300)
Subject: remove buffer-overrun risk in readlink call
X-Git-Tag: 174~529
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=e925018786d85fb3aed3b62a0a89309f9a7d5e4f

remove buffer-overrun risk in readlink call

readlink does not write a nul character to the end of the
string it returns. Therefore ask for one fewer character
than the buffer size so there's always room for an extra \0.

Signed-off-by: Mathias Nyman <mathias.nyman@nokia.com>
Signed-off-by: Phil Carmody <ext-phil.2.carmody@nokia.com>
Signed-off-by: Martin Pitt <martin.pitt@ubuntu.com>
---

diff --git a/udev/udev-node.c b/udev/udev-node.c
index 2a2c2cf0b..ceb1d52ea 100644
--- a/udev/udev-node.c
+++ b/udev/udev-node.c
@@ -163,7 +163,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink)
 			int len;
 
 			dbg(udev, "found existing symlink '%s'\n", slink);
-			len = readlink(slink, buf, sizeof(buf));
+			len = readlink(slink, buf, sizeof(buf) - 1);
 			if (len > 0) {
 				buf[len] = '\0';
 				if (strcmp(target, buf) == 0) {