From 5a1920f2c26719d825521cfe6a2b78f4ff6eed99 Mon Sep 17 00:00:00 2001
From: Artur Wojcik <artur.wojcik@intel.com>
Date: Thu, 10 Dec 2009 11:52:23 -0700
Subject: [PATCH] Fix for buffer overflow defect in 'link'.

Potential buffer overflow of 'link' caused by user input may occur,
due to non null-terminated string 'link'.

Signed-off-by: Artur Wojcik <artur.wojcik@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 platform-intel.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/platform-intel.c b/platform-intel.c
index d568ca6..b21ff07 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -57,13 +57,17 @@ struct sys_dev *find_driver_devices(const char *bus, const char *driver)
 	if (!driver_dir)
 		return NULL;
 	for (de = readdir(driver_dir); de; de = readdir(driver_dir)) {
+		int n;
+
 		/* is 'de' a device? check that the 'subsystem' link exists and
 		 * that its target matches 'bus'
 		 */
 		sprintf(path, "/sys/bus/%s/drivers/%s/%s/subsystem",
 			bus, driver, de->d_name);
-		if (readlink(path, link, sizeof(link)) < 0)
+		n = readlink(path, link, sizeof(link));
+		if (n < 0 || n >= sizeof(link))
 			continue;
+		link[n] = '\0';
 		c = strrchr(link, '/');
 		if (!c)
 			continue;