On Tuesday 02 February 2016 19:47:12 Richard W.M. Jones wrote:
On Tue, Feb 02, 2016 at 03:27:39PM +0100, Pino Toscano wrote:
> diff --git a/src/launch.c b/src/launch.c
> index f59818f..ec061e3 100644
> --- a/src/launch.c
> +++ b/src/launch.c
> @@ -418,6 +418,21 @@ guestfs_int_get_cpu_model (int kvm)
> #endif
> }
>
> +/* Create the path for a socket with the selected filename in the
> + * tmpdir.
> + */
> +int
> +guestfs_int_create_socketname (guestfs_h *g, const char *filename,
> + char (*sockpath)[UNIX_PATH_MAX])
> +{
> + char *path = g->tmpdir;
> +
> + snprintf (*sockpath, UNIX_PATH_MAX-1, "%s/%s", path, filename);
> + (*sockpath)[UNIX_PATH_MAX-1] = '\0';
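Review bot: the snprintf call in guestfs_int_create_socketname discards its return value, so a "%s/%s" result that does not fit in the buffer is silently truncated and the caller gets a different socket path than it asked for. Compare the return value against the buffer size and return an error when it is greater than or equal to it. snprintf writes at most size bytes including the terminating NUL, so the full UNIX_PATH_MAX can be passed as the size and the explicit (*sockpath)[UNIX_PATH_MAX-1] = '\0' assignment is then unnecessary. path is only read and could be declared const char *.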
What's wrong with:

  snprintf (*sockpath, UNIX_PATH_MAX, "%s/%s", path, filename);

If the "$path/$filename" string is longer than UNIX_PATH_MAX, then
*sockpath won't be 0-terminated. Since the line after that always
puts 0 at the end, we can just save one character.

The truncation of long paths always happens with this patch, and that
is what patch #3 addresses.
--
Pino Toscano
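
Added example, not part of the original thread or of libguestfs: one way to build the socket path so that an over-long "$path/$filename" is reported to the caller instead of being truncated, using the return value of snprintf. The helper name build_socket_path, the fallback UNIX_PATH_MAX definition and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Assumption: UNIX_PATH_MAX is the size of sockaddr_un.sun_path. */
#ifndef UNIX_PATH_MAX
#define UNIX_PATH_MAX (sizeof (((struct sockaddr_un *) 0)->sun_path))
#endif

/* Hypothetical helper (not the libguestfs function): write
 * "tmpdir/filename" into *sockpath.  Returns 0 on success, -1 if the
 * result does not fit in UNIX_PATH_MAX bytes or formatting failed.
 */
int
build_socket_path (const char *tmpdir, const char *filename,
                   char (*sockpath)[UNIX_PATH_MAX])
{
  int r = snprintf (*sockpath, UNIX_PATH_MAX, "%s/%s", tmpdir, filename);

  /* snprintf returns the length the complete string would have had
   * (excluding the NUL), so r >= size means the output was cut short.
   */
  if (r < 0 || (size_t) r >= UNIX_PATH_MAX) {
    (*sockpath)[0] = '\0';      /* never hand back a truncated path */
    return -1;
  }
  return 0;
}

int
main (void)
{
  char sockpath[UNIX_PATH_MAX];
  char longdir[300];            /* constructed over-long tmpdir */

  memset (longdir, 'a', sizeof longdir - 1);
  longdir[sizeof longdir - 1] = '\0';

  /* Constructed sample inputs. */
  printf ("short: %d (%s)\n",
          build_socket_path ("/tmp/example", "sample.sock", &sockpath),
          sockpath);
  printf ("long:  %d\n",
          build_socket_path (longdir, "sample.sock", &sockpath));
  return 0;
}
```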