From 92423a466e2ec4646624204eafc930297197664c Mon Sep 17 00:00:00 2001 From: Pavel Roskin Date: Thu, 10 Nov 2016 17:43:36 -0800 Subject: [PATCH] Fix potential buffer overflow in strncat() invocation strncat() will copy at most the specified number of characters and append the null character on top of that. strlen() doesn't count the final null character. --- sesman/chansrv/chansrv_fuse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sesman/chansrv/chansrv_fuse.c b/sesman/chansrv/chansrv_fuse.c index 6e0583bd..5891c955 100644 --- a/sesman/chansrv/chansrv_fuse.c +++ b/sesman/chansrv/chansrv_fuse.c @@ -2200,7 +2200,7 @@ static void xfuse_remove_dir_or_file(fuse_req_t req, fuse_ino_t parent, } strcat(full_path, "/"); - strncat(full_path, name, sizeof(full_path) - strlen(full_path)); + strncat(full_path, name, sizeof(full_path) - strlen(full_path) - 1); if (xinode->is_loc_resource) {