[rpm PATCH] Fix unterminated buffer after readlink() call
Thomas Jarosch
thomas.jarosch at intra2net.com
Fri Oct 21 21:05:54 UTC 2011
readlink() never terminates the buffer.
Detected by "cppcheck" (git HEAD)
Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com>
---
lib/rpmfi.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
index e1e8fa9..6186d9f 100644
--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
@@ -661,8 +661,10 @@ rpmFileAction rpmfiDecideFate(const rpmfi ofi, rpmfi nfi, int skipMissing)
const char * oFLink, * nFLink;
oFLink = rpmfiFLink(ofi);
if (diskWhat == LINK) {
- if (readlink(fn, buffer, sizeof(buffer) - 1) == -1)
+ ssize_t link_len = readlink(fn, buffer, sizeof(buffer) - 1);
+ if (link_len == -1)
return FA_CREATE; /* assume file has been removed */
+ buffer[link_len] = '\0';
if (oFLink && rstreq(oFLink, buffer))
return FA_CREATE; /* unmodified config file, replace. */
}
@@ -712,8 +714,10 @@ int rpmfiConfigConflict(const rpmfi fi)
return 0; /* unmodified config file */
} else /* newWhat == LINK */ {
const char * nFLink;
- if (readlink(fn, buffer, sizeof(buffer) - 1) == -1)
+ ssize_t link_len = readlink(fn, buffer, sizeof(buffer) - 1);
+ if (link_len == -1)
return 0; /* assume file has been removed */
+ buffer[link_len] = '\0';
nFLink = rpmfiFLink(fi);
if (nFLink && rstreq(nFLink, buffer))
return 0; /* unmodified config file */
--
1.7.6.4
More information about the Rpm-list
mailing list