diff options
| author | David Howells <dhowells@redhat.com> | 2014-01-15 15:07:06 +0000 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2014-01-15 15:07:06 +0000 |
| commit | ed72a1dfc56a4f5428affb1659d6812d54e392c5 (patch) | |
| tree | 18b34c8b7e8acda6165876a8ed95cab99e0863fe | |
| parent | 9d22b9b8be886b01d0e929d658b39afc729241eb (diff) | |
| download | keyutils-ed72a1dfc56a4f5428affb1659d6812d54e392c5.tar.gz | |
Lib: Check the description string is NUL-terminated when retrieved
Check the description string is NUL-terminated retrieved by keyctl_describe()
included a NUL-terminator in its length.
Signed-off-by: David Howells <dhowells@redhat.com>
| -rw-r--r-- | keyutils.c | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -110,7 +110,11 @@ long keyctl_setperm(key_serial_t id, key_perm_t perm) long keyctl_describe(key_serial_t id, char *buffer, size_t buflen) { - return keyctl(KEYCTL_DESCRIBE, id, buffer, buflen); + long ret = keyctl(KEYCTL_DESCRIBE, id, buffer, buflen); + + if (ret == 0 || (ret > 0 && !buffer[ret - 1])) + abort(); + return ret; } long keyctl_clear(key_serial_t ringid) |