[PATCH] Revert "initd: fix off-by-one error in mkdev.c"

Felix Fietkau nbd at nbd.name
Tue Aug 31 01:59:02 PDT 2021


On 2021-08-31 10:25, vincent at systemli.org wrote:
> From: Nick Hainke <vincent at systemli.org>
> 
> This reverts commit 8eb1d783cca6e0d501dd3a2f94262ffc36ae6482.
> 
> This line reads a symbolic link into the string buffer "buf".
> 	len = readlink(buf2, buf, sizeof(buf));
> The commit replaced now
> 	buf[len] = 0;
> with
> 	buf[sizeof(buf) - 1] = '\0';
> 
> However, that does not work since readlink does not null-terminate
> the string written into "buf" and  "buf[len] = 0" was used for that.
> 
> What happens if the buffer is to small?
> "If the buf argument is not large enough to contain the link content,
> the first bufsize bytes shall be placed in buf."
> (Source: https://pubs.opengroup.org/onlinepubs/009695399/functions/readlink.htm)
That revert adds back the original off-by-one error, since len will be
sizeof(buf) in case of an undersized buffer.
I agree that 'buf[len] = 0' is correct, but only if you also use
sizeof(buf)-1 as size argument in the readlink() call.

- Felix



More information about the openwrt-devel mailing list