path: root/tools/slub
diff options
authorThomas Jarosch <thomas.jarosch@intra2net.com>2011-10-17 16:48:10 +0200
committerPekka Enberg <penberg@kernel.org>2011-10-18 19:57:59 +0300
commitfe353178653b15add8626f5474842601be160281 (patch)
tree49c4d36e9f3929df1f561033722cbf72c65fee96 /tools/slub
parentmm: restrict access to slab files under procfs and sysfs (diff)
tools, slub: Fix off-by-one buffer corruption after readlink() call
readlink() never zero terminates the provided buffer. Therefore we already do buffer[count] = 0; This leads to an off-by-one buffer corruption as readlink() might return the full size of the buffer. The common technique is to reduce the buffer size by one. Another fix would be to check if (count < 0 || count == sizeof(buffer)) fatal(); Reducing the buffer size by one is easier IMHO. Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Christoph Lameter <cl@gentwo.org> Signed-off-by: Pekka Enberg <penberg@kernel.org>
Diffstat (limited to 'tools/slub')
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/slub/slabinfo.c b/tools/slub/slabinfo.c
index 868cc93f7ac2..cc1a378f9c06 100644
--- a/tools/slub/slabinfo.c
+++ b/tools/slub/slabinfo.c
@@ -1145,7 +1145,7 @@ static void read_slab_dir(void)
switch (de->d_type) {
case DT_LNK:
alias->name = strdup(de->d_name);
- count = readlink(de->d_name, buffer, sizeof(buffer));
+ count = readlink(de->d_name, buffer, sizeof(buffer)-1);
if (count < 0)
fatal("Cannot read symlink %s\n", de->d_name);