From 4327ed40d96c95803b2d4d09ddf997c895eea071 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Mon, 2 Sep 2019 21:26:18 +0200 Subject: [PATCH] mkdev: Avoid out of bounds read readlink() truncates and does not null terminate the string when more bytes would be written than available. Just increase the char array by one and assume that there is a problem when all bytes are needed. Coverity: #1330087, #1329991 Signed-off-by: Hauke Mehrtens --- libblkid-tiny/mkdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libblkid-tiny/mkdev.c b/libblkid-tiny/mkdev.c index a35722b..e8ce841 100644 --- a/libblkid-tiny/mkdev.c +++ b/libblkid-tiny/mkdev.c @@ -31,7 +31,7 @@ #include -static char buf[PATH_MAX]; +static char buf[PATH_MAX + 1]; static char buf2[PATH_MAX]; static unsigned int mode = 0600; @@ -66,7 +66,7 @@ static void find_devs(bool block) strcpy(path, dp->d_name); len = readlink(buf2, buf, sizeof(buf)); - if (len <= 0) + if (len <= 0 || len == sizeof(buf)) continue; buf[len] = 0; -- 2.25.1