The readlink() function reads where a link points to. The function with its arguments is
readlink(link, buf, len);
.
Non-Compliant Code Example
readlink()
never 0-terminates by itself, so you have to do it by yourself. People often seem to forget this, leading to infoleaks or sometimes memory corruption. Another thing people like to do is
len = readlink(link, buf, sizeof(buf)); buf[len] = '\0';
There are two problems here. readlink()
can return -1 if it fails, hence causing an off-by-one underflow, so always check the readlink
return value. The other problem that can occur is that readlink
returns how many bytes got written to the buffer. In this case it can write up to sizeof(buf)
bytes. If it does, you basically end up doing
buf[sizeof(buf)] = '\0';
, which is an off-by-one overflow.
Compliant Solution
#include <unistd.h> char buf[1024]; ssizet_t len; ... if ((len = readlink("/modules/pass1", buf, sizeof(buf)-1)) != -1) buf[len] = '\0';