Fix for buffer overflow defect in 'link'.

Potential buffer overflow of 'link' caused by user input may occur,
due to non null-terminated string 'link'.

Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

diff --git a/platform-intel.c b/platform-intel.c
index d568ca614887bf154adb6a6206115ce462c24f7c..b21ff0757b985bc52a94f721d5e101509af82482 100644 (file)
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -57,13 +57,17 @@ struct sys_dev *find_driver_devices(const char *bus, const char *driver)
        if (!driver_dir)
                return NULL;
        for (de = readdir(driver_dir); de; de = readdir(driver_dir)) {
+               int n;
+
                /* is 'de' a device? check that the 'subsystem' link exists and
                 * that its target matches 'bus'
                 */
                sprintf(path, "/sys/bus/%s/drivers/%s/%s/subsystem",
                        bus, driver, de->d_name);
-               if (readlink(path, link, sizeof(link)) < 0)
+               n = readlink(path, link, sizeof(link));
+               if (n < 0 || n >= sizeof(link))
                        continue;
+               link[n] = '\0';
                c = strrchr(link, '/');
                if (!c)
                        continue;