node_device_driver.c: don't write beyond EOB for 4K-byte symlink

* src/node_device/node_device_driver.c (update_driver_name): The
previous code would write one byte beyond the end of the 4KiB
stack buffer when presented with a symlink value of exactly that
length (very unlikely).  Remove the automatic buffer and use
virFileResolveLink in place of readlink.  Suggested by Daniel Veillard.

diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index f083f168a2c4f351e265c7e1de87de73299831e3..ecbac0f625565587fe4ad716357d31e788ca667c 100644 (file)
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -78,10 +78,9 @@ static int update_driver_name(virConnectPtr conn,
                               virNodeDeviceObjPtr dev)
 {
     char *driver_link = NULL;
-    char devpath[PATH_MAX];
+    char *devpath;
     char *p;
     int ret = -1;
-    int n;
 
     VIR_FREE(dev->def->driver);
 
@@ -97,12 +96,11 @@ static int update_driver_name(virConnectPtr conn,
         goto cleanup;
     }
 
-    if ((n = readlink(driver_link, devpath, sizeof devpath)) < 0) {
+    if (virFileResolveLink(driver_link, &devpath) < 0) {
         virReportSystemError(conn, errno,
                              _("cannot resolve driver link %s"), driver_link);
         goto cleanup;
     }
-    devpath[n] = '\0';
 
     p = strrchr(devpath, '/');
     if (p) {
@@ -116,6 +114,7 @@ static int update_driver_name(virConnectPtr conn,
 
 cleanup:
     VIR_FREE(driver_link);
+    free(devpath);
     return ret;
 }
 #else