From: Karel Zak Date: Tue, 6 Jan 2009 13:26:12 +0000 (+0100) Subject: namei: fix buffer overflow X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7ed29a7b6fe4cd7a6d53619674115355771aed5;p=util-linux namei: fix buffer overflow $ ./namei /usr/bin/java *** glibc detected *** ./namei: free(): invalid next size (fast): 0x00000000018e5070 *** [...] Aborted Reported-by: Sami Kerola Signed-off-by: Karel Zak
---
diff --git a/misc-utils/namei.c b/misc-utils/namei.c
index 37909fe4..c259b30f 100644
--- a/misc-utils/namei.c
+++ b/misc-utils/namei.c
@@ -197,10 +197,11 @@ readlink_to_namei(struct namei *nm, const char *path)
 err(EXIT_FAILURE, _("out of memory?"));
 if (*sym != '/') {
+ /* create the absolute path from the relative symlink */
 memcpy(nm->abslink, path, nm->relstart);
 *(nm->abslink + nm->relstart) = '/';
 nm->relstart++;
- memcpy(nm->abslink + nm->relstart, sym, sz);
+ memcpy(nm->abslink + nm->relstart, sym, sz - nm->relstart);
 } else
 memcpy(nm->abslink, sym, sz);
 nm->abslink[sz] = '\0';
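Review bot: The corrected copy length `sz - nm->relstart` in the relative-symlink branch is only in bounds if `sz` already counts the directory prefix, the added '/' and the link target, and that computation lies outside this hunk. Nothing at the copy site states or checks that invariant, so a later change to how `sz` is built could silently bring back the heap overrun; if `sz` is an unsigned type (not visible here), a too-small `sz` would also wrap to a very large length. I would record it next to the copy, e.g. `/* sz = prefix + '/' + target length; only the target part comes from sym */`, or keep the link-target length in its own variable and pass that to memcpy(). The new comment says "absolute path", but the prefix is copied from `path`, so the result is absolute only when `path` is. readlink_to_namei()'s body starts and ends outside the hunk.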