read_ns_sys_file(): don't overrun buf

This is a classical off-by-one error. If sizeof(buf) is 512, the last element is buf[511] but not buf[512]. Note that if read() returns 0, we return 0 but buf stays uninitialized. Reported by Coverity, CID 114623. Signed-off-by: Kir Kolyshkin <kir@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

read_ns_sys_file(): don't overrun buf
This is a classical off-by-one error. If sizeof(buf) is 512, the last element is buf[511] but not buf[512]. Note that if read() returns 0, we return 0 but buf stays uninitialized. Reported by Coverity, CID 114623. Signed-off-by: Kir Kolyshkin <kir@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
ec863205 · Kir Kolyshkin · Pavel Emelyanov · 377763e5 · ec863205
Commit ec863205 authored Oct 07, 2015 by Kir Kolyshkin Committed by Pavel Emelyanov Oct 07, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

net.c net.c +2 -2

No files found.
--- a/net.c
+++ b/net.c
@@ -45,8 +45,8 @@ int read_ns_sys_file(char *path, char *buf, int len)
 	rlen = read(fd, buf, len);
 	close(fd);
-	if (rlen >= 0)
+	if (rlen > 0)
-		buf[rlen] = '\0';
+		buf[rlen - 1] = '\0';
 	return rlen;
 }