author | David Howells <dhowells@redhat.com> | 2014-01-15 15:07:06 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-01-15 15:07:06 +0000 |
commit | ed72a1dfc56a4f5428affb1659d6812d54e392c5 (patch) | |
tree | 18b34c8b7e8acda6165876a8ed95cab99e0863fe | |
parent | 9d22b9b8be886b01d0e929d658b39afc729241eb (diff) | |
download | keyutils-ed72a1dfc56a4f5428affb1659d6812d54e392c5.tar.gz |
Lib: Check the description string is NUL-terminated when retrieved
Check that the description string retrieved by keyctl_describe() is NUL-terminated
and that it included a NUL-terminator in its length.
Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r-- | keyutils.c | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -110,7 +110,11 @@ long keyctl_setperm(key_serial_t id, key_perm_t perm)
 long keyctl_describe(key_serial_t id, char *buffer, size_t buflen)
 {
- return keyctl(KEYCTL_DESCRIBE, id, buffer, buflen);
+ long ret = keyctl(KEYCTL_DESCRIBE, id, buffer, buflen);
+
+ if (ret == 0 || (ret > 0 && !buffer[ret - 1]))
+ abort();
+ return ret;
 }
 long keyctl_clear(key_serial_t ringid) |
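Review bot: The added check indexes `buffer[ret - 1]` without confirming that `buffer` is non-NULL and that `ret` fits within `buflen`; as far as I know KEYCTL_DESCRIBE returns the size required when the supplied buffer is too small (including the size-probe call with a NULL buffer and zero length), so on those calls the test reads outside the caller's buffer. The polarity also looks inverted against the commit title: `!buffer[ret - 1]` is true when the last byte is NUL, so a correctly terminated description is what reaches `abort()`. I would bound and flip the test, `if (ret == 0 || (ret > 0 && buffer && (size_t)ret <= buflen && buffer[ret - 1] != '\0'))`. Separately, `abort()` inside a library call takes down the calling process; returning -1 with `errno` set would let callers handle a malformed reply themselves.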