CID 97377: ntp-keygen.c's followlink() might not NUL-terminate

bk: 50027973OLEPnu_SE_hVp5X167-bxg

diff --git a/ChangeLog b/ChangeLog
index ba090da6b9a8ee005ab9f2aeb6c3ffacabf75663..0a7ef505595f3c5d9cec7c85dfd7d636d7a40142 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* CID 97377: ntp-keygen.c's followlink() might not NUL-terminate.
 * CID 709185: refclock_chu.c will leak fd==0 (which should be impossible).
 (4.2.7p288) 2012/07/03 Released by Harlan Stenn <stenn@ntp.org>
 * CID 709173: Make sure a libisc function we do not use is called properly.

diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c
index d8bcba29892d5550d3972fb16bcba13a21684497..0827cff360fa66ec298d28ad4aacda451dc18bac 100644 (file)
--- a/util/ntp-keygen.c
+++ b/util/ntp-keygen.c
@@ -267,9 +267,13 @@ followlink(
 {
        int len;
 
+       REQUIRE(bufsiz > 0);
+
        len = readlink(fname, fname, (int)bufsiz);
-       if (len < 0 || bufsiz < 1)
+       if (len < 0 ) {
+               fname[0] = '\0';
                return;
+       }
        if (len > (int)bufsiz - 1)
                len = (int)bufsiz - 1;
        fname[len] = '\0';