namei: fix buffer overflow

$ ./namei /usr/bin/java *** glibc detected *** ./namei: free(): invalid next size (fast): 0x00000000018e5070 *** [...] Aborted Reported-by: Sami Kerola <kerolasa@iki.fi> Signed-off-by: Karel Zak <kzak@redhat.com>
author: Karel Zak 2009-01-06 14:26:12 +0100
committer: Karel Zak 2009-01-06 14:26:12 +0100
commit: f7ed29a7b6fe4cd7a6d53619674115355771aed5 (patch)
tree: a1f35dfa71a96414fd8d246f2f2e6771f6c3ef59 /misc-utils/namei.c
parent: raw: default to /dev/raw/rawctl (diff)
download: kernel-qcow2-util-linux-f7ed29a7b6fe4cd7a6d53619674115355771aed5.tar.gz
kernel-qcow2-util-linux-f7ed29a7b6fe4cd7a6d53619674115355771aed5.tar.xz
kernel-qcow2-util-linux-f7ed29a7b6fe4cd7a6d53619674115355771aed5.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/misc-utils/namei.c b/misc-utils/namei.c
index 37909fe4f..c259b30f7 100644
--- a/misc-utils/namei.c
+++ b/misc-utils/namei.c
@@ -197,10 +197,11 @@ readlink_to_namei(struct namei *nm, const char *path)
 		err(EXIT_FAILURE, _("out of memory?"));
 
 	if (*sym != '/') {
+		/* create the absolute path from the relative symlink */
 		memcpy(nm->abslink, path, nm->relstart);
 		*(nm->abslink + nm->relstart) = '/';
 		nm->relstart++;
-		memcpy(nm->abslink + nm->relstart, sym, sz);
+		memcpy(nm->abslink + nm->relstart, sym, sz - nm->relstart);
 	} else
 		memcpy(nm->abslink, sym, sz);
 	nm->abslink[sz] = '\0';
author	Karel Zak	2009-01-06 14:26:12 +0100
committer	Karel Zak	2009-01-06 14:26:12 +0100
commit	f7ed29a7b6fe4cd7a6d53619674115355771aed5 (patch)
tree	a1f35dfa71a96414fd8d246f2f2e6771f6c3ef59 /misc-utils/namei.c
parent	raw: default to /dev/raw/rawctl (diff)
download	kernel-qcow2-util-linux-f7ed29a7b6fe4cd7a6d53619674115355771aed5.tar.gz kernel-qcow2-util-linux-f7ed29a7b6fe4cd7a6d53619674115355771aed5.tar.xz kernel-qcow2-util-linux-f7ed29a7b6fe4cd7a6d53619674115355771aed5.zip