OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

fsdev: Fix overrun after readlink() fills buffer completely

Browse Source 
readlink() returns the number of bytes written to the buffer, and it
doesn't write a terminating null byte.  do_readlink() writes it
itself.  Overruns the buffer when readlink() filled it completely.

Fix by reserving space for the null byte when calling readlink(), like
we do elsewhere.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
This commit is contained in:
Markus Armbruster 2014-02-21 17:43:09 +01:00 committed by Aneesh Kumar K.V
parent d5001cf787
commit d77f7779b4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fsdev/virtfs-proxy-helper.c
View File

@ -595,7 +595,7 @@ static int do_readlink(struct iovec *iovec, struct iovec *out_iovec)
}
buffer = g_malloc(size);
v9fs_string_init(&target);
retval = readlink(path.data, buffer, size);
retval = readlink(path.data, buffer, size - 1);
if (retval > 0) {
buffer[retval] = '\0';
v9fs_string_sprintf(&target, "%s", buffer);