gssd: NULL-terminate buffer after read in read_service_info (try #2)
authorJeff Layton <jlayton@redhat.com>
Mon, 23 Mar 2009 12:12:14 +0000 (08:12 -0400)
committerSteve Dickson <steved@redhat.com>
Mon, 23 Mar 2009 12:12:14 +0000 (08:12 -0400)
Valgrind complains that we're passing an uninitialized buffer to sscanf
here. The main problem seems to be that we're not ensuring that the
buffer is NUL-terminated before we pass it off.

This is the second version of this patch, the first one did not increase
the buffer allocation by 1 which could have led to clobbering the next
byte on the stack if nbytes == INFOBUFLEN.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
utils/gssd/gssd_proc.c

index 295c37dfaa5ba515ef5ac9ffd6c5a2b9219050f7..fb97a13e7e2761673d130397a2318db2fbf156e7 100644 (file)
@@ -107,7 +107,7 @@ static int
 read_service_info(char *info_file_name, char **servicename, char **servername,
                  int *prog, int *vers, char **protocol, int *port) {
 #define INFOBUFLEN 256
-       char            buf[INFOBUFLEN];
+       char            buf[INFOBUFLEN + 1];
        static char     dummy[128];
        int             nbytes;
        static char     service[128];
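Review bot: The `+ 1` on the declaration of `buf` carries no comment explaining that the extra byte is reserved for the terminator written after `read()` in the next hunk, so a later cleanup could shrink it back to `INFOBUFLEN` and reintroduce the one-byte stack overwrite the commit message describes. A short comment on that line would pin the intent, for example `/* +1: room for the NUL stored at buf[nbytes] after read() */`. The body of read_service_info continues outside this hunk.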
@@ -132,6 +132,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
        if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
                goto fail;
        close(fd);
+       buf[nbytes] = '\0';
 
        numfields = sscanf(buf,"RPC server: %127s\n"
                   "service: %127s %15s version %15s\n"
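Review bot: The store `buf[nbytes] = '\0'` is in bounds only because the length passed to `read()` and the array size are kept in step by hand in two separate places. Deriving the length from the array, `if ((nbytes = read(fd, buf, sizeof(buf) - 1)) == -1)`, would make the bound follow the declaration automatically. Separately, when `nbytes == INFOBUFLEN` the info file may be longer than the buffer, and `sscanf` then parses a silently truncated record. Whether the `numfields` check further down rejects that case cannot be seen from this hunk, since the `sscanf` call continues past it; an explicit check or log message for a full buffer would make the truncation visible.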