[PATCH] Avoid buffer overflow on strncat usage
Dirk Müller
dirk at dmllr.de
Tue Feb 4 07:03:42 EST 2014
Hi Simon,
> I don't think you need the -1 as filename will have a trailing '\0'
> which is not counted in the return value of strlen()
Thats true, but strncat always writes a trailing NUL, and to avoid
that this one overflows the buffer, you need to subtract -1.
However, this code in particular can be rewrittten to use snprintf(),
which avoids
the overflow and is also a bit more readable.
How about the attached patch?
Thanks,
Dirk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Avoid-buffer-overflow-on-strncat-usage.patch
Type: text/x-patch
Size: 1500 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/kexec/attachments/20140204/a18617cc/attachment.bin>
More information about the kexec
mailing list