From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Date: Wed, 20 Jul 2022 17:23:18 +0000 (-0600)
Subject: api: null terminate readlink buffer in cg_get_procname_from_proc_cmdline()
X-Git-Tag: v2.0.3~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfc9ee791899e57a25b5621205d154a7f91ffff7;p=thirdparty%2Flibcgroup.git

api: null terminate readlink buffer in cg_get_procname_from_proc_cmdline()

Fix readlink buffer null termination warning, reported by Coverity tool:

CID 258276 (#1 of 1): String not null terminated (STRING_NULL).
string_null: Passing unterminated string buf_cwd to strcat, which
expects a null-terminated string.

As per the man pages (man 2 readlink):
"readlink() does not append a null byte to buf.  It  will  (silently)
truncate the contents (to a length of bufsiz characters), in case the
buffer is too small to hold all of the contents."

Explicitly null terminate the buffer passed to readlink() in
cg_get_procname_from_proc_cmdline().

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 23bdfd2326a01675a0eac9ab7b601b4a505d219c)
---

diff --git a/src/api.c b/src/api.c
index b1b57d92..39bd5f23 100644
--- a/src/api.c
+++ b/src/api.c
@@ -5238,6 +5238,9 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid,
 	if (readlink(path, buf_cwd, sizeof(buf_cwd)) < 0)
 		return ECGROUPNOTEXIST;
 
+	/* readlink doesn't append a null */
+	buf_cwd[FILENAME_MAX - 1] = '\0';
+
 	sprintf(path, "/proc/%d/cmdline", pid);
 	f = fopen(path, "re");
 	if (!f)