[lxc-devel] [PATCH] Do not use strlen() on non-null terminated buffer
Christian Brauner
christianvanbrauner at gmail.com
Mon Sep 7 21:41:35 UTC 2015
Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
---
src/lxc/lxccontainer.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 932d658..fb99892 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1989,7 +1989,7 @@ static bool mod_rdep(struct lxc_container *c0, struct lxc_container *c, bool inc
char newpath[MAXPATHLEN];
int fd, ret, n = 0, v = 0;
bool bret = false;
- size_t len;
+ size_t len, difflen;
if (container_disk_lock(c0))
return false;
@@ -2072,19 +2072,22 @@ static bool mod_rdep(struct lxc_container *c0, struct lxc_container *c, bool inc
/* mmap()ed memory is only \0-terminated when it is not
* a multiple of a pagesize. Hence, we'll use memmem(). */
- if ((del = memmem(buf, fbuf.st_size, newpath, len))) {
- /* remove container entry */
- memmove(del, del + len, strlen(del) - len + 1);
-
- munmap(buf, fbuf.st_size);
-
- if (ftruncate(fd, fbuf.st_size - len) < 0) {
- SYSERROR("Failed to truncate file %s", path);
- close(fd);
- goto out;
- }
- } else {
- munmap(buf, fbuf.st_size);
+ if ((del = memmem(buf, fbuf.st_size, newpath, len))) {
+ /* remove container entry */
+ if (del != buf + fbuf.st_size - len) {
+ difflen = fbuf.st_size - (del-buf);
+ memmove(del, del + len, strnlen(del, difflen) - len);
+ }
+
+ munmap(buf, fbuf.st_size);
+
+ if (ftruncate(fd, fbuf.st_size - len) < 0) {
+ SYSERROR("Failed to truncate file %s", path);
+ close(fd);
+ goto out;
+ }
+ } else {
+ munmap(buf, fbuf.st_size);
}
close(fd);
--
2.5.1
More information about the lxc-devel
mailing list