[rpm PATCH] Fix unterminated buffer after readlink() call

Thomas Jarosch thomas.jarosch at intra2net.com
Fri Oct 21 21:05:54 UTC 2011


readlink() never NUL-terminates the buffer it fills.

Detected by "cppcheck" (git HEAD)

Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com>
---
 lib/rpmfi.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/rpmfi.c b/lib/rpmfi.c
index e1e8fa9..6186d9f 100644
--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
@@ -661,8 +661,10 @@ rpmFileAction rpmfiDecideFate(const rpmfi ofi, rpmfi nfi, int skipMissing)
 	const char * oFLink, * nFLink;
 	oFLink = rpmfiFLink(ofi);
 	if (diskWhat == LINK) {
-	    if (readlink(fn, buffer, sizeof(buffer) - 1) == -1)
+	    ssize_t link_len = readlink(fn, buffer, sizeof(buffer) - 1);
+	    if (link_len == -1)
 		return FA_CREATE;	/* assume file has been removed */
+	    buffer[link_len] = '\0';
 	    if (oFLink && rstreq(oFLink, buffer))
 		return FA_CREATE;	/* unmodified config file, replace. */
 	}
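Review bot: A link target that fills the buffer is silently truncated by readlink(), so after `buffer[link_len] = '\0';` the `rstreq(oFLink, buffer)` test may compare only a prefix of the on-disk target, and a longer target whose prefix equals the recorded link would be treated as an unmodified config file and replaced. The declaration of `buffer` lies outside the hunk, so its size and how reachable this is cannot be judged from here. A conservative guard is to skip the shortcut when the read may have been truncated, e.g. `if ((size_t)link_len < sizeof(buffer) - 1 && oFLink && rstreq(oFLink, buffer))`. The same applies to the readlink() call and the `nFLink` comparison in the rpmfiConfigConflict hunk. Both functions begin and end outside the hunks shown.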
@@ -712,8 +714,10 @@ int rpmfiConfigConflict(const rpmfi fi)
 	    return 0;	/* unmodified config file */
     } else /* newWhat == LINK */ {
 	const char * nFLink;
-	if (readlink(fn, buffer, sizeof(buffer) - 1) == -1)
+	ssize_t link_len = readlink(fn, buffer, sizeof(buffer) - 1);
+	if (link_len == -1)
 	    return 0;	/* assume file has been removed */
+	buffer[link_len] = '\0';
 	nFLink = rpmfiFLink(fi);
 	if (nFLink && rstreq(nFLink, buffer))
 	    return 0;	/* unmodified config file */
-- 
1.7.6.4


