From 417a4b046dbf1aa430237ceb192d65cdb3381a05 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.de>
Date: Fri, 29 Jan 2010 10:15:15 +1100
Subject: [PATCH] mdmon: fix fd leak and possible buffer overrun.

We normally wouldn't close 'fd', and as 'buf' might not have
had a nul, strstr could have overrun it.

Signed-off-by: NeilBrown <neilb@suse.de>
---
 mdmon.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/mdmon.c b/mdmon.c
index 0ec4259..723c1a0 100644
--- a/mdmon.c
+++ b/mdmon.c
@@ -180,6 +180,7 @@ static void try_kill_monitor(pid_t pid, char *devname, int sock)
 	char buf[100];
 	int fd;
 	struct mdstat_ent *mdstat;
+	int n;
 
 	/* first rule of survival... don't off yourself */
 	if (pid == getpid())
@@ -191,12 +192,11 @@ static void try_kill_monitor(pid_t pid, char *devname, int sock)
 	if (fd < 0)
 		return;
 
-	if (read(fd, buf, sizeof(buf)) < 0) {
-		close(fd);
-		return;
-	}
+	n = read(fd, buf, sizeof(buf)-1);
+	buf[sizeof(buf)-1] = 0;
+	close(fd);
 
-	if (!strstr(buf, "mdmon"))
+	if (n < 0 || !strstr(buf, "mdmon"))
 		return;
 
 	kill(pid, SIGTERM);