libnsm: fix the safer atomic filenames fix

Commit Message

Benjamin Coddington Nov. 26, 2024, 11:32 p.m. UTC

Commit 9f7a91b51ffc ("libnsm: safer atomic filenames") messed up the length
arguement to snprintf() in nsm_make_temp_pathname such that the length is
longer than the computed string.  When compiled with "-O
-D_FORTIFY_SOURCE=3", __snprintf_chk will fail and abort statd.

The fix is to correct the original size calculation, then pull one from the
snprintf length for the final "/".

Fixes: 9f7a91b51ffc ("libnsm: safer atomic filenames")
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
---
 support/nsm/file.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


base-commit: eb5abb5c60ab60f3c2f22518d513ed187f39bd9b

Patch

diff --git a/support/nsm/file.c b/support/nsm/file.c
index e0804136ccbe..6663cac3fb0c 100644
--- a/support/nsm/file.c
+++ b/support/nsm/file.c
@@ -187,7 +187,7 @@  nsm_make_temp_pathname(const char *pathname)
 	char *path, *base;
 	int len;
 
-	size = strlen(pathname) + sizeof(".new") + 3;
+	size = strlen(pathname) + sizeof(".new") + 1;
 	if (size > PATH_MAX)
 		return NULL;
 
@@ -199,7 +199,7 @@  nsm_make_temp_pathname(const char *pathname)
 	strcpy(path, pathname);
 
 	len = base - pathname;
-	len += snprintf(path + len + 1, size-len, ".%s.new", base+1);
+	len += snprintf(path + len + 1, size - len - 1, ".%s.new", base+1);
 	if (error_check(len, size)) {
 		free(path);
 		return NULL;