readlink() truncates and does not null terminate the string when more
bytes would be written than available. Just increase the char array by
one and assume that there is a problem when all bytes are needed.

Coverity: #1330087, #1329991
Signed-off-by: Hauke Mehrtens <[email protected]>
---
 libblkid-tiny/mkdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libblkid-tiny/mkdev.c b/libblkid-tiny/mkdev.c
index a35722b..e8ce841 100644
--- a/libblkid-tiny/mkdev.c
+++ b/libblkid-tiny/mkdev.c
@@ -31,7 +31,7 @@
 
 #include <syslog.h>
 
-static char buf[PATH_MAX];
+static char buf[PATH_MAX + 1];
 static char buf2[PATH_MAX];
 static unsigned int mode = 0600;
 
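Review bot: the `+ 1` on `buf` carries no comment, and with `buf2` left at `PATH_MAX` on the next line the asymmetry reads like an oversight. Please add a one-line comment at the declaration saying the extra byte exists so that a readlink() result filling the whole array can be treated as truncation in find_devs(), so a later cleanup does not "fix" the size back and silently change what the length check means.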
@@ -66,7 +66,7 @@ static void find_devs(bool block)
 
                strcpy(path, dp->d_name);
                len = readlink(buf2, buf, sizeof(buf));
-               if (len <= 0)
+               if (len <= 0 || len == sizeof(buf))
                        continue;
 
                buf[len] = 0;
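Review bot: in the new condition, `len == sizeof(buf)` compares readlink()'s signed return value with a `size_t`. The declaration of `len` is not visible in this hunk, but if it is `int` or `ssize_t` this is a mixed-sign comparison that -Wsign-compare will flag. It is safe only because `len <= 0` is evaluated first, so an explicit form such as `(size_t)len >= sizeof(buf)` would state the intent and also cover any larger value. The truncated entry is also skipped silently by `continue`; since the file already includes <syslog.h>, a log message there would make a dropped device node diagnosable.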
-- 
2.20.1


_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
