From ebf5a4e7c87e411fd0c436dff82737cfce77f20d Mon Sep 17 00:00:00 2001
From: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date: Fri, 21 Oct 2011 23:05:54 +0200
Subject: Fix unterminated buffer after readlink() call

readlink() never terminates the buffer.

Detected by "cppcheck" (git HEAD)

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
---
 lib/rpmfi.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/rpmfi.c b/lib/rpmfi.c
index e1e8fa9fa..6186d9fe7 100644
--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
@@ -661,8 +661,10 @@ rpmFileAction rpmfiDecideFate(const rpmfi ofi, rpmfi nfi, int skipMissing)
 	const char * oFLink, * nFLink;
 	oFLink = rpmfiFLink(ofi);
 	if (diskWhat == LINK) {
-	    if (readlink(fn, buffer, sizeof(buffer) - 1) == -1)
+	    ssize_t link_len = readlink(fn, buffer, sizeof(buffer) - 1);
+	    if (link_len == -1)
 		return FA_CREATE;	/* assume file has been removed */
+	    buffer[link_len] = '\0';
 	    if (oFLink && rstreq(oFLink, buffer))
 		return FA_CREATE;	/* unmodified config file, replace. */
 	}
@@ -712,8 +714,10 @@ int rpmfiConfigConflict(const rpmfi fi)
 	    return 0;	/* unmodified config file */
     } else /* newWhat == LINK */ {
 	const char * nFLink;
-	if (readlink(fn, buffer, sizeof(buffer) - 1) == -1)
+	ssize_t link_len = readlink(fn, buffer, sizeof(buffer) - 1);
+	if (link_len == -1)
 	    return 0;	/* assume file has been removed */
+	buffer[link_len] = '\0';
 	nFLink = rpmfiFLink(fi);
 	if (nFLink && rstreq(nFLink, buffer))
 	    return 0;	/* unmodified config file */
-- 
cgit v1.2.3