From 96346518caa94fe5ed39d0ea5e2ebea5335e7f29 Mon Sep 17 00:00:00 2001
From: Ivana Hutarova Varekova <varekova@redhat.com>
Date: Thu, 16 Jun 2011 15:08:38 +0200
Subject: [PATCH] api: cg_set_control_value strncat fix

cg_set_control_value function contains strncat which uses
sizeof(string) for limitation size which is bogus. This patch fixes it.

Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
---
 src/api.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/api.c b/src/api.c
index 96495c32..d5022c2b 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1286,18 +1286,34 @@ static int cg_set_control_value(char *path, const char *val)
 			 * does not exist. So we check if the tasks file
 			 * exist. Before that, we need to extract the path.
 			 */
-			int len = strlen(path);
+			char *path_dir_end;
+			char *tasks_path;
 
-			while (*(path+len) != '/')
-				len--;
-			*(path+len+1) = '\0';
-			strncat(path, "tasks", sizeof(path) - strlen(path));
-			control_file = fopen(path, "re");
+			path_dir_end = strrchr(path, '/');
+			if (path_dir_end == NULL)
+				return ECGROUPVALUENOTEXIST;
+			path_dir_end = '\0';
+
+			/* task_path contain: $path/tasks */
+			tasks_path = (char *)malloc(strlen(path) + 6 + 1);
+			if (tasks_path == NULL) {
+				last_errno = errno;
+				return ECGOTHER;
+			}
+			strcpy(tasks_path, path);
+			strcat(tasks_path, "/tasks");
+
+			/* test tasks file for read flag */
+			control_file = fopen(tasks_path, "re");
 			if (!control_file) {
-				if (errno == ENOENT)
+				if (errno == ENOENT) {
+					free(tasks_path);
 					return ECGROUPSUBSYSNOTMOUNTED;
+				}
 			}
+
 			fclose(control_file);
+			free(tasks_path);
 			return ECGROUPNOTALLOWED;
 		}
 		return ECGROUPVALUENOTEXIST;
-- 
2.47.2