[rpm PATCH] Fix unterminated buffer after readlink() call

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

readlink() never terminates the buffer.

Detected by "cppcheck" (git HEAD)

Signed-off-by: Thomas Jarosch <thomas.jarosch@xxxxxxxxxxxxx>
---
 lib/rpmfi.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/rpmfi.c b/lib/rpmfi.c
index e1e8fa9..6186d9f 100644
--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
@@ -661,8 +661,10 @@ rpmFileAction rpmfiDecideFate(const rpmfi ofi, rpmfi nfi, int skipMissing)
 	const char * oFLink, * nFLink;
 	oFLink = rpmfiFLink(ofi);
 	if (diskWhat == LINK) {
-	    if (readlink(fn, buffer, sizeof(buffer) - 1) == -1)
+	    ssize_t link_len = readlink(fn, buffer, sizeof(buffer) - 1);
+	    if (link_len == -1)
 		return FA_CREATE;	/* assume file has been removed */
+	    buffer[link_len] = '\0';
 	    if (oFLink && rstreq(oFLink, buffer))
 		return FA_CREATE;	/* unmodified config file, replace. */
 	}
@@ -712,8 +714,10 @@ int rpmfiConfigConflict(const rpmfi fi)
 	    return 0;	/* unmodified config file */
     } else /* newWhat == LINK */ {
 	const char * nFLink;
-	if (readlink(fn, buffer, sizeof(buffer) - 1) == -1)
+	ssize_t link_len = readlink(fn, buffer, sizeof(buffer) - 1);
+	if (link_len == -1)
 	    return 0;	/* assume file has been removed */
+	buffer[link_len] = '\0';
 	nFLink = rpmfiFLink(fi);
 	if (nFLink && rstreq(nFLink, buffer))
 	    return 0;	/* unmodified config file */
-- 
1.7.6.4

_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list
[Index of Archives]     [RPM Ecosystem]     [Linux Kernel]     [Red Hat Install]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Red Hat]     [Gimp]     [Yosemite News]     [IETF Discussion]

  Powered by Linux