From: NeilBrown <neilb@suse.de>
Date: Thu, 28 Jan 2010 23:15:15 +0000 (+1100)
Subject: mdmon: fix fd leak and possible buffer overrun.
X-Git-Tag: mdadm-3.1.2~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=417a4b046dbf1aa430237ceb192d65cdb3381a05;p=thirdparty%2Fmdadm.git

mdmon: fix fd leak and possible buffer overrun.

We normally wouldn't close 'fd', and as 'buf' might not have
had a nul, strstr could have overrun it.

Signed-off-by: NeilBrown <neilb@suse.de>
---

diff --git a/mdmon.c b/mdmon.c
index 0ec42591..723c1a01 100644
--- a/mdmon.c
+++ b/mdmon.c
@@ -180,6 +180,7 @@ static void try_kill_monitor(pid_t pid, char *devname, int sock)
 	char buf[100];
 	int fd;
 	struct mdstat_ent *mdstat;
+	int n;
 
 	/* first rule of survival... don't off yourself */
 	if (pid == getpid())
@@ -191,12 +192,11 @@ static void try_kill_monitor(pid_t pid, char *devname, int sock)
 	if (fd < 0)
 		return;
 
-	if (read(fd, buf, sizeof(buf)) < 0) {
-		close(fd);
-		return;
-	}
+	n = read(fd, buf, sizeof(buf)-1);
+	buf[sizeof(buf)-1] = 0;
+	close(fd);
 
-	if (!strstr(buf, "mdmon"))
+	if (n < 0 || !strstr(buf, "mdmon"))
 		return;
 
 	kill(pid, SIGTERM);