summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2009-03-23 08:12:14 -0400
committerSteve Dickson <steved@redhat.com>2009-03-23 08:12:14 -0400
commit7f1f9985cf510b087e7a817597094acba9143795 (patch)
tree8b2ee999d0b14ca950efd649b47963910e49b4d3
parent690b2eb64e44dc96db68900dd17ea4586b51966e (diff)
downloadnfs-utils-7f1f9985cf510b087e7a817597094acba9143795.tar.gz
nfs-utils-7f1f9985cf510b087e7a817597094acba9143795.tar.xz
nfs-utils-7f1f9985cf510b087e7a817597094acba9143795.zip
gssd: NULL-terminate buffer after read in read_service_info (try #2)
Valgrind complains that we're passing an unintialized buffer to sscanf here. The main problem seems to be that we're not ensuring that the buffer is NULL terminated before we pass it off. This is the second version of this patch, the first one did not increase the buffer allocation by 1 which could have led to clobbering the next byte on the stack if nbytes == INFOBUFLEN. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
-rw-r--r--utils/gssd/gssd_proc.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 295c37d..fb97a13 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -107,7 +107,7 @@ static int
read_service_info(char *info_file_name, char **servicename, char **servername,
int *prog, int *vers, char **protocol, int *port) {
#define INFOBUFLEN 256
- char buf[INFOBUFLEN];
+ char buf[INFOBUFLEN + 1];
static char dummy[128];
int nbytes;
static char service[128];
@@ -132,6 +132,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
goto fail;
close(fd);
+ buf[nbytes] = '\0';
numfields = sscanf(buf,"RPC server: %127s\n"
"service: %127s %15s version %15s\n"