[PATCH] Avoid buffer overflow on strncat usage
Dirk Müller
dirk at dmllr.de
Mon Feb 3 12:54:52 EST 2014
strncat() does not want the total size but the maximum length.
Signed-off-by: Dirk Mueller <dmueller at suse.com>
---
kexec/fs2dt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kexec/fs2dt.c b/kexec/fs2dt.c
index 73c1fb9..65a8b66 100644
--- a/kexec/fs2dt.c
+++ b/kexec/fs2dt.c
@@ -649,8 +649,8 @@ static void putnode(void)
goto no_debug;
}
strncpy(filename, "/proc/device-tree/", MAXPATH);
- strncat(filename, buff, MAXPATH);
- strncat(filename, "/compatible", MAXPATH);
+ strncat(filename, buff, MAXPATH-strlen(filename)-1);
+ strncat(filename, "/compatible", MAXPATH-strlen(filename)-1);
fd = open(filename, O_RDONLY);
if (fd == -1) {
printf("Unable to find %s printing from
purgatory is diabled\n",
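Review bot: the two new strncat() calls in putnode() still truncate silently, so when buff is long the shortened path goes straight to open() and fails with only the "Unable to find" message, or opens a different, shorter path. The new bound of MAXPATH-strlen(filename)-1 is only correct if filename is at least MAXPATH bytes, and its declaration is outside this hunk, so that is worth confirming. Consider building the path in one step with snprintf(filename, MAXPATH, "/proc/device-tree/%s/compatible", buff) and treating a return value >= MAXPATH as an error before calling open(). That would also replace the strncpy() on the first line, which does not NUL-terminate when the source fills the buffer (harmless here only because the literal is short).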
--
1.8.4.1