From: Jim Meyering <meyering@redhat.com>
Date: Mon, 14 Dec 2009 11:05:38 +0000 (+0100)
Subject: node_device_driver.c: don't write beyond EOB for 4K-byte symlink
X-Git-Tag: v0.7.5~83
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1483189811c6980945731f54837c765d61ea5d0;p=thirdparty%2Flibvirt.git

node_device_driver.c: don't write beyond EOB for 4K-byte symlink

* src/node_device/node_device_driver.c (update_driver_name): The
previous code would write one byte beyond the end of the 4KiB
stack buffer when presented with a symlink value of exactly that
length (very unlikely).  Remove the automatic buffer and use
virFileResolveLink in place of readlink.  Suggested by Daniel Veillard.
---

diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index f083f168a2..ecbac0f625 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -78,10 +78,9 @@ static int update_driver_name(virConnectPtr conn,
                               virNodeDeviceObjPtr dev)
 {
     char *driver_link = NULL;
-    char devpath[PATH_MAX];
+    char *devpath;
     char *p;
     int ret = -1;
-    int n;
 
     VIR_FREE(dev->def->driver);
 
@@ -97,12 +96,11 @@ static int update_driver_name(virConnectPtr conn,
         goto cleanup;
     }
 
-    if ((n = readlink(driver_link, devpath, sizeof devpath)) < 0) {
+    if (virFileResolveLink(driver_link, &devpath) < 0) {
         virReportSystemError(conn, errno,
                              _("cannot resolve driver link %s"), driver_link);
         goto cleanup;
     }
-    devpath[n] = '\0';
 
     p = strrchr(devpath, '/');
     if (p) {
@@ -116,6 +114,7 @@ static int update_driver_name(virConnectPtr conn,
 
 cleanup:
     VIR_FREE(driver_link);
+    free(devpath);
     return ret;
 }
 #else