Buffer overun

Because readlink() does not null-terminate buffer, only return number of written chars, thare is possibility that buf[ret] = 0; will write to unallocated area. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Lukas Nykryn <lnykryn@redhat.com> 2011-10-27 14:27:47 +0200
committer: Greg Kroah-Hartman <gregkh@suse.de> 2012-01-11 15:34:39 -0800
commit: 05c92e63a4a9775e057fe6c0184faf96c46569f9 (patch)
tree: 9417e9687f02c0dd698fb128b130ffe60b261173 /usbmisc.c
parent: 4c0256059c5479fb8750320f25f6efceefec2ddb (diff)
download: usbutils-05c92e63a4a9775e057fe6c0184faf96c46569f9.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/usbmisc.c b/usbmisc.c
index c6179c1..4c5612a 100644
--- a/usbmisc.c
+++ b/usbmisc.c
@@ -42,7 +42,7 @@ static int readlink_recursive(const char *path, char *buf, size_t bufsize)
 	char *ptemp;
 	int ret;
 
-	ret = readlink(path, buf, bufsize);
+	ret = readlink(path, buf, bufsize-1);
 
 	if (ret > 0) {
 		buf[ret] = 0;
author	Lukas Nykryn <lnykryn@redhat.com>	2011-10-27 14:27:47 +0200
committer	Greg Kroah-Hartman <gregkh@suse.de>	2012-01-11 15:34:39 -0800
commit	05c92e63a4a9775e057fe6c0184faf96c46569f9 (patch)
tree	9417e9687f02c0dd698fb128b130ffe60b261173 /usbmisc.c
parent	4c0256059c5479fb8750320f25f6efceefec2ddb (diff)
download	usbutils-05c92e63a4a9775e057fe6c0184faf96c46569f9.tar.gz