From b4f841d92fef76ca80e95c8e2c0ffcd84d4df69c Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Sat, 1 Dec 2007 15:29:45 +0000 Subject: [PATCH] Fix buffer termination off-by-1 in link comparison code --- ChangeLog | 5 +++++ src/qemu_conf.c | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7fb53b9f09..11fc36cf81 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Sat Dec 1 10:22:34 EST 2007 Daniel P. Berrange + + * src/qemu_driver.c: Fix off-by-1 buffer NULL termination in + symlink comparison code + Fri Nov 30 17:50:34 EST 2007 Daniel P. Berrange * src/xml.c, src/xml.h: Disable xen specific functions if diff --git a/src/qemu_conf.c b/src/qemu_conf.c index a3aaaf3811..12741b481f 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c @@ -2667,7 +2667,7 @@ checkLinkPointsTo(const char *checkLink, char *p; strncpy(dir, checkLink, PATH_MAX); - dir[PATH_MAX] = '\0'; + dir[PATH_MAX-1] = '\0'; if (!(p = strrchr(dir, '/'))) { qemudLog(QEMUD_WARN, "Symlink path '%s' is not absolute", checkLink); @@ -2685,7 +2685,7 @@ checkLinkPointsTo(const char *checkLink, } strncpy(dest, tmp, PATH_MAX); - dest[PATH_MAX] = '\0'; + dest[PATH_MAX-1] = '\0'; } /* canonicalize both paths */ @@ -2693,14 +2693,14 @@ checkLinkPointsTo(const char *checkLink, qemudLog(QEMUD_WARN, "Failed to expand path '%s' :%s", dest, strerror(errno)); strncpy(real, dest, PATH_MAX); - real[PATH_MAX] = '\0'; + real[PATH_MAX-1] = '\0'; } if (!realpath(checkDest, checkReal)) { qemudLog(QEMUD_WARN, "Failed to expand path '%s' :%s", checkDest, strerror(errno)); strncpy(checkReal, checkDest, PATH_MAX); - checkReal[PATH_MAX] = '\0'; + checkReal[PATH_MAX-1] = '\0'; } /* compare */