In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/51b468f688a3660c4842b9e634c5fe58a2196307?hp=ce5b0b849c4a3e4d77dc60096ae4170609a81644>
- Log ----------------------------------------------------------------- commit 51b468f688a3660c4842b9e634c5fe58a2196307 Author: Jarkko Hietaniemi <[email protected]> Date: Sat Jul 26 09:42:30 2014 -0400 readlink() result buffer is not zero-terminated. Therefore, as an extra paranoia step, zero-terminate the readlink result buffer even before the result SV is created. Also, readlink returns SSize_t, not int. ----------------------------------------------------------------------- Summary of changes: caretx.c | 8 +++++++- pp_sys.c | 6 +++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/caretx.c b/caretx.c index bf5ba85..dffa445 100644 --- a/caretx.c +++ b/caretx.c @@ -99,7 +99,13 @@ Perl_set_caret_X(pTHX) { } # elif defined(HAS_PROCSELFEXE) char buf[MAXPATHLEN]; - int len = readlink(PROCSELFEXE_PATH, buf, sizeof(buf) - 1); + Ssize_t len = readlink(PROCSELFEXE_PATH, buf, sizeof(buf) - 1); + /* NOTE: if the length returned by readlink() is sizeof(buf) - 1, + * it is impossible to know whether the result was truncated. */ + + if (len != -1) { + buf[len] = '\0'; + } /* On Playstation2 Linux V1.0 (kernel 2.2.1) readlink(/proc/self/exe) includes a spurious NUL which will cause $^X to fail in system diff --git a/pp_sys.c b/pp_sys.c index 501146e..e01cf48 100644 --- a/pp_sys.c +++ b/pp_sys.c @@ -3671,13 +3671,17 @@ PP(pp_readlink) dTARGET; const char *tmps; char buf[MAXPATHLEN]; - int len; + SSize_t len; TAINT; tmps = POPpconstx; + /* NOTE: if the length returned by readlink() is sizeof(buf) - 1, + * it is impossible to know whether the result was truncated. */ len = readlink(tmps, buf, sizeof(buf) - 1); if (len < 0) RETPUSHUNDEF; + if (len != -1) + buf[len] = '\0'; PUSHp(buf, len); RETURN; #else -- Perl5 Master Repository
