gssd: NULL-terminate buffer after read in read_service_info (try #2)

Valgrind complains that we're passing an unintialized buffer to sscanf
here. The main problem seems to be that we're not ensuring that the
buffer is NULL terminated before we pass it off.

This is the second version of this patch, the first one did not increase
the buffer allocation by 1 which could have led to clobbering the next
byte on the stack if nbytes == INFOBUFLEN.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 295c37d..fb97a13 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -107,7 +107,7 @@ static int
 read_service_info(char *info_file_name, char **servicename, char **servername,
 		  int *prog, int *vers, char **protocol, int *port) {
 #define INFOBUFLEN 256
-	char		buf[INFOBUFLEN];
+	char		buf[INFOBUFLEN + 1];
 	static char	dummy[128];
 	int		nbytes;
 	static char	service[128];
@@ -132,6 +132,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
 	if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
 		goto fail;
 	close(fd);
+	buf[nbytes] = '\0';
 
 	numfields = sscanf(buf,"RPC server: %127s\n"
 		   "service: %127s %15s version %15s\n"