[PATCH] remove buffer-overrun risk in readlink call

[PATCH] remove buffer-overrun risk in readlink call

[Mathias Nyman]

readlink does not write a nul character to the end of the
string it returns. Therefore ask for one fewer character
than the buffer size so there's always room for an extra \0.

Signed-off-by: Mathias Nyman <mathias.nyman@nokia.com>
Signed-off-by: Phil Carmody <ext-phil.2.carmody@nokia.com>
---
 udev/udev-node.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/udev/udev-node.c b/udev/udev-node.c
index 2a2c2cf..ceb1d52 100644
--- a/udev/udev-node.c
+++ b/udev/udev-node.c
@@ -163,7 +163,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink)
 			int len;
 
 			dbg(udev, "found existing symlink '%s'\n", slink);
-			len = readlink(slink, buf, sizeof(buf));
+			len = readlink(slink, buf, sizeof(buf) - 1);
 			if (len > 0) {
 				buf[len] = '\0';
 				if (strcmp(target, buf) = 0) {
-- 
1.5.6.5

Re: [PATCH] remove buffer-overrun risk in readlink call

[Martin Pitt]

Hello Mathias,

Mathias Nyman [2010-04-21 13:52 +0300]:
> readlink does not write a nul character to the end of the
> string it returns. Therefore ask for one fewer character
> than the buffer size so there's always room for an extra \0.

Nice catch, thanks! Pushed.

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)