Commit 9f7a91b51ffc ("libnsm: safer atomic filenames") messed up the length
arguement to snprintf() in nsm_make_temp_pathname such that the length is
longer than the computed string. When compiled with "-O
-D_FORTIFY_SOURCE=3", __snprintf_chk will fail and abort statd.
The fix is to correct the original size calculation, then pull one from the
snprintf length for the final "/".
Fixes: 9f7a91b51ffc ("libnsm: safer atomic filenames")
Signed-off-by: Benjamin Coddington <bcodding@xxxxxxxxxx>
---
v2: ensure we handle paths without '/', simplify.
---
support/nsm/file.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/support/nsm/file.c b/support/nsm/file.c
index e0804136ccbe..de122b0fc5a1 100644
--- a/support/nsm/file.c
+++ b/support/nsm/file.c
@@ -187,7 +187,7 @@ nsm_make_temp_pathname(const char *pathname)
char *path, *base;
int len;
- size = strlen(pathname) + sizeof(".new") + 3;
+ size = strlen(pathname) + sizeof(".new") + 1;
if (size > PATH_MAX)
return NULL;
@@ -196,15 +196,19 @@ nsm_make_temp_pathname(const char *pathname)
return NULL;
base = strrchr(pathname, '/');
- strcpy(path, pathname);
+ if (base == NULL)
+ base = pathname;
+ else
+ base++;
+ strcpy(path, pathname);
len = base - pathname;
- len += snprintf(path + len + 1, size-len, ".%s.new", base+1);
+ len += snprintf(path + len, size - len, ".%s.new", base);
+
if (error_check(len, size)) {
free(path);
return NULL;
}
-
return path;
}
base-commit: eb5abb5c60ab60f3c2f22518d513ed187f39bd9b
--
2.47.0
