[PATCH 1/2] Revert "initd: fix off-by-one error in mkdev.c"

vincent at systemli.org vincent at systemli.org
Tue Aug 31 02:09:18 PDT 2021


From: Nick Hainke <vincent at systemli.org>

This reverts commit 8eb1d783cca6e0d501dd3a2f94262ffc36ae6482.

This line reads a symbolic link into the string buffer "buf".
	len = readlink(buf2, buf, sizeof(buf));
The commit replaced now
	buf[len] = 0;
with
	buf[sizeof(buf) - 1] = '\0';

However, that does not work since readlink does not null-terminate
the string written into "buf" and  "buf[len] = 0" was used for that.

What happens if the buffer is to small?
"If the buf argument is not large enough to contain the link content,
the first bufsize bytes shall be placed in buf."
(Source: https://pubs.opengroup.org/onlinepubs/009695399/functions/readlink.htm)

Signed-off-by: Nick Hainke <vincent at systemli.org>
---
 initd/mkdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/initd/mkdev.c b/initd/mkdev.c
index 1c9c97a..44101aa 100644
--- a/initd/mkdev.c
+++ b/initd/mkdev.c
@@ -86,7 +86,7 @@ static void find_devs(bool block)
 		if (len <= 0)
 			continue;
 
-		buf[sizeof(buf) - 1] = '\0';
+		buf[len] = 0;
 		if (!find_pattern(buf))
 			continue;
 
-- 
2.33.0




More information about the openwrt-devel mailing list