still a bug in ext2/symlink.c (+patch)

Andries.Brouwer@cwi.nl
Fri, 24 Jan 1997 00:04:50 +0100


First the docs:
DESCRIPTION
readlink places the contents of the symbolic link referred to by path in
the buffer buf, which has size bufsiz. The contents of the link are not
null-terminated when returned.
If the buffer passed to readlink is smaller than the symbolic link file
being read, readlink returns only as many characters as will fit in the
buffer.

Then what 2.1.22 does:
It will mistakenly write a terminating nul character.
It will fail to return the correct value when the contents just fit,
or are truncated.

A patch below.

Andries

--- symlink.c.orig Thu Jan 23 23:06:52 1997
+++ symlink.c Thu Jan 23 23:43:20 1997
@@ -122,12 +122,11 @@
}
else
link = (char *) inode->u.ext2_i.i_data;
-
- /* XXX I hope link is always '\0'-terminated. */
- i = strlen(link);
- if (i >= buflen)
- i = buflen-1;
- if (copy_to_user(buffer, link, i+1))
+
+ i = 0;
+ while (i < buflen && link[i])
+ i++;
+ if (copy_to_user(buffer, link, i))
i = -EFAULT;
if (DO_UPDATE_ATIME(inode)) {
inode->i_atime = CURRENT_TIME;
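Review bot: the new loop `while (i < buflen && link[i])` still assumes the link data is '\0'-terminated whenever buflen is larger than the link's backing storage, so the concern in the removed `/* XXX I hope link is always '\0'-terminated. */` comment is narrowed, not eliminated: for a fast symlink stored in `inode->u.ext2_i.i_data`, a caller passing a large buflen lets the scan run past the end of i_data if no terminator is present. Suggest bounding the scan by the link's known length (e.g. the inode's size) as well as by buflen, and keeping a comment that states the remaining assumption. Minor: the `-`/`+` pair for the blank line before the new code is a no-op whitespace change and could be dropped from the hunk.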