Then what 2.1.22 does:
It will mistakenly write a terminating nul character.
It will fail to return the correct value when the contents just fits,
or is truncated.
A patch below.
Andries
--- symlink.c.orig Thu Jan 23 23:06:52 1997
+++ symlink.c Thu Jan 23 23:43:20 1997
@@ -122,12 +122,11 @@
}
else
link = (char *) inode->u.ext2_i.i_data;
-
- /* XXX I hope link is always '\0'-terminated. */
- i = strlen(link);
- if (i >= buflen)
- i = buflen-1;
- if (copy_to_user(buffer, link, i+1))
+
+ i = 0;
+ while (i < buflen && link[i])
+ i++;
+ if (copy_to_user(buffer, link, i))
i = -EFAULT;
if (DO_UPDATE_ATIME(inode)) {
inode->i_atime = CURRENT_TIME;
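Review bot: the new scan `while (i < buflen && link[i])` is bounded only by the caller's buflen, so in the fast-symlink branch just above, where `link = (char *) inode->u.ext2_i.i_data;`, an i_data that is not nul-terminated together with a buflen larger than that array would still let the loop read past the inode data; the removed `/* XXX I hope link is always '\0'-terminated. */` named exactly that assumption, so either restate it as a comment or also bound i by the size of i_data. The rest of the change is right: copying exactly i bytes stops the spurious terminator from being written and returns the number of bytes placed in the buffer, which is what the exact-fit and truncated cases need.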
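To see the two defects described above side by side, here is an added user-space reconstruction (not the kernel's code) of the removed and the replacement length logic, with memcpy standing in for copy_to_user, a 64-byte scratch buffer standing in for the user buffer, and a constructed target "/usr/lib":

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample target, as a fast symlink would keep inline. */
static const char LINK[] = "/usr/lib";   /* 8 bytes plus the terminator */

struct result {
    int ret;          /* value readlink would return */
    int nul_written;  /* 1 if a '\0' was copied into the user buffer */
};

/* 2.1.22 logic (reconstructed from the removed lines): copies i+1 bytes. */
static struct result run_old(int buflen)
{
    char buffer[64];
    struct result r;
    int i;
    memset(buffer, 'X', sizeof buffer);     /* sentinel: any '\0' must come from the copy */
    i = strlen(LINK);
    if (i >= buflen)
        i = buflen - 1;
    memcpy(buffer, LINK, i + 1);            /* the +1 drags the terminator along */
    r.ret = i;
    r.nul_written = memchr(buffer, '\0', sizeof buffer) != NULL;
    return r;
}

/* Patched logic: scan at most buflen bytes, copy exactly i, no terminator. */
static struct result run_new(int buflen)
{
    char buffer[64];
    struct result r;
    int i = 0;
    memset(buffer, 'X', sizeof buffer);
    while (i < buflen && LINK[i])
        i++;
    memcpy(buffer, LINK, i);
    r.ret = i;
    r.nul_written = memchr(buffer, '\0', sizeof buffer) != NULL;
    return r;
}

int main(void)
{
    int cases[] = { 16, 8, 4 };             /* roomy, exact fit, truncated */
    for (int k = 0; k < 3; k++) {
        struct result o = run_old(cases[k]), n = run_new(cases[k]);
        printf("buflen=%2d  old: ret=%d nul=%d   new: ret=%d nul=%d\n",
               cases[k], o.ret, o.nul_written, n.ret, n.nul_written);
    }
    return 0;
}
```

With room to spare the old code copies the terminator; with an exact fit or a truncated buffer it returns one less than the number of bytes it copied, while the patched version returns 8, 8 and 4 and never writes a nul.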