Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Buffer overun

Because readlink() does not null-terminate buffer, only return
number of written chars, thare is possibility that buf[ret] = 0;
will write to unallocated area.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  • Loading branch information...
commit 05c92e63a4a9775e057fe6c0184faf96c46569f9 1 parent 4c02560
@lnykryn lnykryn authored committed
Showing with 1 addition and 1 deletion.
  1. +1 −1  usbmisc.c
View
2  usbmisc.c
@@ -42,7 +42,7 @@ static int readlink_recursive(const char *path, char *buf, size_t bufsize)
char *ptemp;
int ret;
- ret = readlink(path, buf, bufsize);
+ ret = readlink(path, buf, bufsize-1);
if (ret > 0) {
buf[ret] = 0;
Please sign in to comment.
Something went wrong with that request. Please try again.