initd: fix off-by-one error in mkdev.c
authorNick Hainke <vincent@systemli.org>
Tue, 31 Aug 2021 09:09:19 +0000 (11:09 +0200)
committerDaniel Golle <daniel@makrotopia.org>
Tue, 31 Aug 2021 11:24:14 +0000 (12:24 +0100)
Substract 1 from bufsize so len can not be out of bounds. Same
hanling as in "udevtrigger.c" in "sysfs_resolve_link".

Replaces: 8eb1d783
Coverity CID: 1330087 Readlink used insecurely

Signed-off-by: Nick Hainke <vincent@systemli.org>
initd/mkdev.c

index 44101aa12df5e5a102b626d2eb41f1a10a40e2ad..f0a1e84fc4dec585bb80be591662ca69c3bc291a 100644 (file)
@@ -82,7 +82,7 @@ static void find_devs(bool block)
                        continue;
 
                strcpy(path, dp->d_name);
-               len = readlink(buf2, buf, sizeof(buf));
+               len = readlink(buf2, buf, sizeof(buf) - 1);
                if (len <= 0)
                        continue;