From patchwork Mon Dec  5 17:23:29 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chuck Lever <chuck.lever@oracle.com>
X-Patchwork-Id: 129376
Return-Path: <fedfs-utils-devel-bounces@oss.oracle.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "acsinet15.oracle.com",
	Issuer "VeriSign Class 3 International Server CA - G3" (verified OK))
	by ozlabs.org (Postfix) with ESMTPS id 33CC61007D4
	for <incoming@patchwork.ozlabs.org>;
	Tue,  6 Dec 2011 04:23:44 +1100 (EST)
Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238])
	by acsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id
	pB5HNd4n011709
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 5 Dec 2011 17:23:40 GMT
Received: from oss.oracle.com (oss.oracle.com [141.146.12.120])
	by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
	pB5HNdFW023929
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 5 Dec 2011 17:23:39 GMT
Received: from localhost ([127.0.0.1] helo=oss.oracle.com)
	by oss.oracle.com with esmtp (Exim 4.63)
	(envelope-from <fedfs-utils-devel-bounces@oss.oracle.com>)
	id 1RXcGL-0003gX-UR; Mon, 05 Dec 2011 09:23:33 -0800
Received: from acsinet13.oracle.com ([141.146.126.235])
	by oss.oracle.com with esmtp (Exim 4.63)
	(envelope-from <chucklever@gmail.com>) id 1RXcGL-0003gQ-0E
	for fedfs-utils-devel@oss.oracle.com; Mon, 05 Dec 2011 09:23:33 -0800
Received: from mail-gy0-f171.google.com (mail-gy0-f171.google.com
	[209.85.160.171])
	by acsinet13.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id
	pB5HNV1d003021
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL)
	for <fedfs-utils-devel@oss.oracle.com>; Mon, 5 Dec 2011 17:23:32 GMT
Received: by ghrr15 with SMTP id r15so2610874ghr.2
	for <fedfs-utils-devel@oss.oracle.com>;
	Mon, 05 Dec 2011 09:23:30 -0800 (PST)
Received: by 10.50.216.137 with SMTP id oq9mr11055857igc.40.1323105810483;
	Mon, 05 Dec 2011 09:23:30 -0800 (PST)
Received: from degas.1015granger.net
	(adsl-99-26-161-222.dsl.sfldmi.sbcglobal.net. [99.26.161.222])
	by mx.google.com with ESMTPS id
	wo4sm43745050igc.5.2011.12.05.09.23.29
	(version=TLSv1/SSLv3 cipher=OTHER);
	Mon, 05 Dec 2011 09:23:29 -0800 (PST)
From: Chuck Lever <chuck.lever@oracle.com>
To: fedfs-utils-devel@oss.oracle.com
Date: Mon, 05 Dec 2011 12:23:29 -0500
Message-ID: <20111205172328.7753.34744.stgit@degas.1015granger.net>
In-Reply-To: <20111205171929.7753.36203.stgit@degas.1015granger.net>
References: <20111205171929.7753.36203.stgit@degas.1015granger.net>
User-Agent: StGIT/0.14.3
MIME-Version: 1.0
X-Flow-Control-Info: class=ISPs ip=209.85.160.171 ct-class=R6 ct-vol1=0
	ct-vol2=0 ct-vol3=0 ct-risk=68 ct-spam1=0 ct-spam2=0 ct-bulk=0
	rcpts=1 size=920
Subject: [fedfs-utils] [PATCH 3/9] mount: avoid two-byte heap write overrun
X-BeenThere: fedfs-utils-devel@oss.oracle.com
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: fedfs-utils Developers <fedfs-utils-devel@oss.oracle.com>
List-Id: fedfs-utils Developers <fedfs-utils-devel.oss.oracle.com>
List-Unsubscribe: <http://oss.oracle.com/mailman/listinfo/fedfs-utils-devel>,
	<mailto:fedfs-utils-devel-request@oss.oracle.com?subject=unsubscribe>
List-Archive: <http://oss.oracle.com/pipermail/fedfs-utils-devel>
List-Post: <mailto:fedfs-utils-devel@oss.oracle.com>
List-Help: <mailto:fedfs-utils-devel-request@oss.oracle.com?subject=help>
List-Subscribe: <http://oss.oracle.com/mailman/listinfo/fedfs-utils-devel>,
	<mailto:fedfs-utils-devel-request@oss.oracle.com?subject=subscribe>
Sender: fedfs-utils-devel-bounces@oss.oracle.com
Errors-To: fedfs-utils-devel-bounces@oss.oracle.com
X-Source-IP: acsinet22.oracle.com [141.146.126.238]
X-CT-RefId: str=0001.0A020202.4EDCFE1C.019E:SCFSTAT1119972, ss=1, re=-4.000,
	fgs=0
X-Auth-Type: Internal IP

From: Jim Meyering <meyering@redhat.com>

* src/mount/main.c (try_mount): Correct off-by-two under-allocation.
Rather than allocating space for strlen(S)+1, it allocates space
for strlen(S+1), which is shorter by two.  Spotted by coverity.

Introduced by commit bfe6aa7f: "mount.fedfs: Overhaul mount.fedfs
CLI," (April 1, 2011).

Signed-off-by: Jim Meyering <meyering@redhat.com>
---

 src/mount/main.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/mount/main.c b/src/mount/main.c
index f76f355..b49d152 100644
--- a/src/mount/main.c
+++ b/src/mount/main.c
@@ -384,7 +384,7 @@ try_mount(const char *source, const char *target, const char *text_options)
 	} else {
 		char *tmp;
 
-		tmp = malloc(strlen(remaining + 1));
+		tmp = malloc(strlen(remaining) + 1);
 		if (tmp == NULL) {
 			fprintf(stderr, _("%s: No memory\n"), progname);
 			remaining = NULL;