author | Lukas Nykryn <lnykryn@redhat.com> | 2011-10-27 14:27:47 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2012-01-11 15:34:39 -0800 |
commit | 05c92e63a4a9775e057fe6c0184faf96c46569f9 (patch) | |
tree | 9417e9687f02c0dd698fb128b130ffe60b261173 /usbmisc.c | |
parent | 4c0256059c5479fb8750320f25f6efceefec2ddb (diff) | |
download | usbutils-05c92e63a4a9775e057fe6c0184faf96c46569f9.tar.gz |
Buffer overrun
Because readlink() does not null-terminate the buffer, only returns the
number of written chars, there is a possibility that buf[ret] = 0;
will write to an unallocated area.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'usbmisc.c')
-rw-r--r-- | usbmisc.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -42,7 +42,7 @@ static int readlink_recursive(const char *path, char *buf, size_t bufsize) char *ptemp; int ret; - ret = readlink(path, buf, bufsize); + ret = readlink(path, buf, bufsize-1); if (ret > 0) { buf[ret] = 0; |
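Review bot: `bufsize-1` in the readlink() call is computed on a size_t, so a caller passing bufsize == 0 makes it wrap to SIZE_MAX and the following `buf[ret] = 0;` is unbounded again; an early return for bufsize == 0 ahead of the call would close that. Separately, a return value equal to bufsize-1 means the link target may have been truncated, and the `if (ret > 0)` branch then treats the shortened path as complete; handling that case as an error, or retrying with a larger buffer, would be safer. `ret` is also declared int while readlink() returns ssize_t, so declaring it ssize_t would avoid the narrowing conversion.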