The cg_set_control_value function calls strncat with sizeof(string) as the size limit, which is bogus. This patch fixes it.
Signed-off-by: Ivana Hutarova Varekova <varek...@redhat.com>
---
 src/api.c | 30 +++++++++++++++++++++++-------
 1 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/api.c b/src/api.c
index 597772b..9514b5b 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1244,18 +1244,34 @@ static int cg_set_control_value(char *path, const char *val)
 * does not exist. So we check if the tasks file
 * exist. Before that, we need to extract the path.
 */
- int len = strlen(path);
+ char *path_dir_end;
+ char *tasks_path;
 
- while (*(path+len) != '/')
- len--;
- *(path+len+1) = '\0';
- strncat(path, "tasks", sizeof(path) - strlen(path));
- control_file = fopen(path, "re");
+ path_dir_end = strrchr(path, '/');
+ if (path_dir_end == NULL)
+ return ECGROUPVALUENOTEXIST;
+ path_dir_end = '\0';
+
+ /* task_path contain: $path/tasks */
+ tasks_path = (char *)malloc(strlen(path) + 6 + 1);
+ if (tasks_path == NULL) {
+ last_errno = errno;
+ return ECGOTHER;
+ }
+ strcpy(tasks_path, path);
+ strcat(tasks_path, "/tasks");
+
+ /* test tasks file for read flag */
+ control_file = fopen(tasks_path, "re");
 if (!control_file) {
- if (errno == ENOENT)
+ if (errno == ENOENT) {
+ free(tasks_path);
 return ECGROUPSUBSYSNOTMOUNTED;
+ }
 }
+ fclose(control_file);
+ free(tasks_path);
 return ECGROUPNOTALLOWED;
 }
 return ECGROUPVALUENOTEXIST;
------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
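Review bot: The added line `path_dir_end = '\0';` assigns a null pointer to the local instead of writing a terminator through it, so `path` is never cut at the last '/' and `tasks_path` ends up as the control file's own path with `/tasks` appended; it should read `*path_dir_end = '\0';`. A second problem sits just below: when `fopen` fails with an errno other than ENOENT, control leaves the `if (!control_file)` block and reaches `fclose(control_file)` with a NULL stream, which is undefined behaviour. Guard the close, for example `if (control_file) fclose(control_file);`, so that path still frees `tasks_path` and returns ECGROUPNOTALLOWED. The `malloc` sizing (`strlen(path) + 6 + 1`) is sufficient for the `strcpy`/`strcat` pair as written, but a single `snprintf` with the computed length would make the bound explicit. cg_set_control_value starts and ends outside this hunk, so how `path` is used after the truncation could not be checked here.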