remove buffer-overrun risk in readlink call

readlink does not write a nul character to the end of the
string it returns. Therefore ask for one fewer character
than the buffer size so there's always room for an extra \0.

Signed-off-by: Mathias Nyman <mathias.nyman@nokia.com>
Signed-off-by: Phil Carmody <ext-phil.2.carmody@nokia.com>
Signed-off-by: Martin Pitt <martin.pitt@ubuntu.com>

diff --git a/udev/udev-node.c b/udev/udev-node.c
index 2a2c2cf0b46409de1af626d69032e5c7451b8d96..ceb1d52ea7f7bf2c794696b057018ad5fd5e68d4 100644 (file)
--- a/udev/udev-node.c
+++ b/udev/udev-node.c
@@ -163,7 +163,7 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink)
                        int len;
 
                        dbg(udev, "found existing symlink '%s'\n", slink);
-                       len = readlink(slink, buf, sizeof(buf));
+                       len = readlink(slink, buf, sizeof(buf) - 1);
                        if (len > 0) {
                                buf[len] = '\0';
                                if (strcmp(target, buf) == 0) {