node_device_driver.c: don't write beyond EOB for 4K-byte symlink

* src/node_device/node_device_driver.c (update_driver_name): The
previous code would write one byte beyond the end of the 4KiB
stack buffer when presented with a symlink value of exactly that
length (very unlikely).  Remove the automatic buffer and use
virFileResolveLink in place of readlink.  Suggested by Daniel Veillard.
Jim Meyering 2009-12-14 12:05:38 +01:00
parent 042956d558
commit b148318981


@ -78,10 +78,9 @@ static int update_driver_name(virConnectPtr conn,
virNodeDeviceObjPtr dev) virNodeDeviceObjPtr dev)
{ {
char *driver_link = NULL; char *driver_link = NULL;
char devpath[PATH_MAX]; char *devpath;
char *p; char *p;
int ret = -1; int ret = -1;
int n;
VIR_FREE(dev->def->driver); VIR_FREE(dev->def->driver);
@ -97,12 +96,11 @@ static int update_driver_name(virConnectPtr conn,
goto cleanup; goto cleanup;
} }
if ((n = readlink(driver_link, devpath, sizeof devpath)) < 0) { if (virFileResolveLink(driver_link, &devpath) < 0) {
virReportSystemError(conn, errno, virReportSystemError(conn, errno,
_("cannot resolve driver link %s"), driver_link); _("cannot resolve driver link %s"), driver_link);
goto cleanup; goto cleanup;
} }
devpath[n] = '\0';
p = strrchr(devpath, '/'); p = strrchr(devpath, '/');
if (p) { if (p) {
@ -116,6 +114,7 @@ static int update_driver_name(virConnectPtr conn,
cleanup: cleanup:
VIR_FREE(driver_link); VIR_FREE(driver_link);
free(devpath);
return ret; return ret;
} }
#else #else
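Review bot: `devpath` is now declared without an initializer (`char *devpath;`), yet the `cleanup:` label gained `free(devpath);`, and the second hunk shows a `goto cleanup` that runs before `virFileResolveLink` has assigned the pointer. On that path an indeterminate pointer reaches free(), which is undefined behavior and can corrupt the heap. Declaring it as `char *devpath = NULL;` makes every early exit safe. For consistency with the neighbouring `VIR_FREE(driver_link);`, the release could be written `VIR_FREE(devpath);`. The condition guarding the early `goto cleanup` lies between the hunks and is not visible here, and it is worth confirming that virFileResolveLink leaves its output NULL on failure.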