Re: [mdadm PATCH 2/2] Fix unterminated buffer after readlink() call

From: NeilBrown <hidden>
Date: 2011-10-17 00:19:19

On Thu, 13 Oct 2011 11:22:13 +0200 Thomas Jarosch
[off-list ref] wrote:

quoted hunk ↗ jump to hunk

Signed-off-by: Thomas Jarosch <redacted>
---
 mdopen.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/mdopen.c b/mdopen.c
index 0a17421..555ab84 100644
--- a/mdopen.c
+++ b/mdopen.c

@@ -360,8 +360,12 @@ int create_mddev(char *dev, char *name, int autof, int trustworthy,
 
 			if (lstat(chosen, &stb) == 0) {
 				char buf[300];
+				ssize_t link_len = readlink(chosen, buf, sizeof(buf)-1);
+				if (link_len >= 0)
+					buf[link_len] = '\0';
+
 				if ((stb.st_mode & S_IFMT) != S_IFLNK ||
-				    readlink(chosen, buf, 300) <0 ||
+				    link_len < 0 ||
 				    strcmp(buf, devname) != 0) {
 					fprintf(stderr, Name ": %s exists - ignoring\n",
 						chosen);


Thanks.  I've applied this and the other one.

NeilBrown

Attachments

signature.asc [application/pgp-signature] 828 bytes

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help