mdmon: fix fd leak and possible buffer overrun.

We normally wouldn't close 'fd', and as 'buf' might not have had a nul, strstr could have overrun it. Signed-off-by: NeilBrown <neilb@suse.de>
2010-01-29 10:15:15 +11:00 · 2010-01-29 10:15:15 +11:00 · 417a4b046d
parent 0c8675cbed
commit 417a4b046d
1 changed files with 5 additions and 5 deletions
--- a/mdmon.c
+++ b/mdmon.c
@ -180,6 +180,7 @@ static void try_kill_monitor(pid_t pid, char *devname, int sock)
 	char buf[100];
 	int fd;
 	struct mdstat_ent *mdstat;
+	int n;

 	/* first rule of survival... don't off yourself */
 	if (pid == getpid())
@ -191,12 +192,11 @@ static void try_kill_monitor(pid_t pid, char *devname, int sock)
 	if (fd < 0)
 		return;

-	if (read(fd, buf, sizeof(buf)) < 0) {
-		close(fd);
-		return;
-	}
+	n = read(fd, buf, sizeof(buf)-1);
+	buf[sizeof(buf)-1] = 0;
+	close(fd);

-	if (!strstr(buf, "mdmon"))
+	if (n < 0 || !strstr(buf, "mdmon"))
 		return;

 	kill(pid, SIGTERM);