...
readlink() never 0-terminates by itself, so you have to do it by yourself. People often seem to forget this, leading to infoleaks or sometimes memory corruption. Another thing people like to do is
| Code Block | ||
|---|---|---|
| ||
len = readlink(link, buf, sizeof(buf)); buf[len] = '\0'; |
...
Compliant Solution
| Code Block | ||
|---|---|---|
| ||
#include <unistd.h>
char buf[1024];
ssizet_t len;
...
if ((len = readlink("/modules/pass1", buf, sizeof(buf)-1)) != -1)
buf[len] = '\0';
|
...