From f7ed29a7b6fe4cd7a6d53619674115355771aed5 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Tue, 6 Jan 2009 14:26:12 +0100
Subject: [PATCH] namei: fix buffer overflow
$ ./namei /usr/bin/java
*** glibc detected *** ./namei: free(): invalid next size (fast): 0x00000000018e5070 ***
[...]
Aborted
Reported-by: Sami Kerola
Signed-off-by: Karel Zak
---
 misc-utils/namei.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/misc-utils/namei.c b/misc-utils/namei.c
index 37909fe4..c259b30f 100644
--- a/misc-utils/namei.c
+++ b/misc-utils/namei.c
@@ -197,10 +197,11 @@ readlink_to_namei(struct namei *nm, const char *path)
 err(EXIT_FAILURE, _("out of memory?"));
 if (*sym != '/') {
+ /* create the absolute path from the relative symlink */
 memcpy(nm->abslink, path, nm->relstart);
 *(nm->abslink + nm->relstart) = '/';
 nm->relstart++;
- memcpy(nm->abslink + nm->relstart, sym, sz);
+ memcpy(nm->abslink + nm->relstart, sym, sz - nm->relstart);
 } else
 memcpy(nm->abslink, sym, sz);
 nm->abslink[sz] = '\0';
--
2.39.5
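Review bot: The corrected length `sz - nm->relstart` in the relative-symlink branch is only right because `nm->relstart++` has already run on the line above and, presumably, `sz` was enlarged by the prefix length before `nm->abslink` was allocated, which happens outside this hunk. Nothing on the line records that invariant, so reordering these statements later would silently bring back the out-of-bounds write into `nm->abslink` (and the over-read of `sym`) that this commit fixes. I would extend the added comment to something like `/* sz counts prefix + '/' + link text; copy only the link bytes */`, or keep the readlink() result in its own variable and pass that as the copy length. The body of readlink_to_namei starts and ends outside the hunk, so the declared types of `sz` and `relstart` should be checked to confirm the subtraction cannot go negative before it is converted to the `size_t` length argument.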