From e925018786d85fb3aed3b62a0a89309f9a7d5e4f Mon Sep 17 00:00:00 2001 From: Mathias Nyman Date: Wed, 21 Apr 2010 13:52:52 +0300 Subject: [PATCH] remove buffer-overrun risk in readlink call readlink does not write a nul character to the end of the string it returns. Therefore ask for one fewer character than the buffer size so there's always room for an extra \0. Signed-off-by: Mathias Nyman Signed-off-by: Phil Carmody Signed-off-by: Martin Pitt --- udev/udev-node.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/udev/udev-node.c b/udev/udev-node.c index 2a2c2cf0b46..ceb1d52ea7f 100644 --- a/udev/udev-node.c +++ b/udev/udev-node.c @@ -163,7 +163,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink) int len; dbg(udev, "found existing symlink '%s'\n", slink); - len = readlink(slink, buf, sizeof(buf)); + len = readlink(slink, buf, sizeof(buf) - 1); if (len > 0) { buf[len] = '\0'; if (strcmp(target, buf) == 0) {