[PATCH] Avoid buffer overflow on strncat usage
Simon Horman
horms at verge.net.au
Tue Feb 4 07:37:12 EST 2014
On Tue, Feb 04, 2014 at 01:03:42PM +0100, Dirk Müller wrote:
> Hi Simon,
>
> > I don't think you need the -1 as filename will have a trailing '\0'
> > which is not counted in the return value of strlen()
>
> Thats true, but strncat always writes a trailing NUL, and to avoid
> that this one overflows the buffer, you need to subtract -1.
>
> However, this code in particular can be rewrittten to use snprintf(),
> which avoids
> the overflow and is also a bit more readable.
>
> How about the attached patch?
Looks good, I have applied it.
More information about the kexec
mailing list