summaryrefslogtreecommitdiff
path: root/fsdev
diff options
context:
space:
mode:
authorMarkus Armbruster <armbru@redhat.com>2014-02-21 17:43:09 +0100
committerAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>2014-02-26 12:24:07 +0530
commitd77f7779b4d74354b3444ceb0f93105ced3c26c8 (patch)
tree29588786a2274c0b4a3099eead1b6c5f5942c351 /fsdev
parentd5001cf787ad0514839a81d0f2e771e01e076e21 (diff)
downloadqemu-d77f7779b4d74354b3444ceb0f93105ced3c26c8.tar.gz
qemu-d77f7779b4d74354b3444ceb0f93105ced3c26c8.tar.bz2
qemu-d77f7779b4d74354b3444ceb0f93105ced3c26c8.zip
fsdev: Fix overrun after readlink() fills buffer completely
readlink() returns the number of bytes written to the buffer, and it doesn't write a terminating null byte. do_readlink() writes it itself. Overruns the buffer when readlink() filled it completely. Fix by reserving space for the null byte when calling readlink(), like we do elsewhere. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Diffstat (limited to 'fsdev')
-rw-r--r--fsdev/virtfs-proxy-helper.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index 713a7b2b87..bfecb8706c 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -595,7 +595,7 @@ static int do_readlink(struct iovec *iovec, struct iovec *out_iovec)
}
buffer = g_malloc(size);
v9fs_string_init(&target);
- retval = readlink(path.data, buffer, size);
+ retval = readlink(path.data, buffer, size - 1);
if (retval > 0) {
buffer[retval] = '\0';
v9fs_string_sprintf(&target, "%s", buffer);