libusbgx: Fix readlink/buffer overrun issue. CID#56130, CID#56129
author Philippe De Swert <philippe.deswert@jollamobile.com>
Tue, 13 May 2014 12:55:57 +0000 (15:55 +0300)
committer Krzysztof Opasiak <k.opasiak@samsung.com>
Tue, 22 Dec 2015 19:38:54 +0000 (20:38 +0100)
Readlink() can return the total length of the buffer (here 4096/USBG_MAX_PATH_LENGTH),
so we do not want to dereference target[4096] as that would give an off by one error.

Signed-off-by: Philippe De Swert <philippe.deswert@jollamobile.com>
[Port from libusbg and update description]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
src/usbg.c

index d73943c..5d9c083 100644 (file)
@@ -850,7 +850,7 @@ static int usbg_parse_config_binding(usbg_config *c, char *bpath,
        usbg_function *f;
        usbg_binding *b;
 
-       nmb = readlink(bpath, target, sizeof(target));
+       nmb = readlink(bpath, target, sizeof(target) - 1 );
        if (nmb < 0) {
                ret = usbg_translate_error(errno);
                goto out;
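Review bot: The new `readlink(bpath, target, sizeof(target) - 1 )` call keeps `target[nmb]` inside the buffer, but the only check that follows is `nmb < 0`, so a truncated link is still accepted. readlink() truncates silently when the link contents do not fit, which means a return value of exactly `sizeof(target) - 1` may be a cut-off path, and the binding would then be parsed from a partial target. Consider treating `nmb == sizeof(target) - 1` as a path-too-long failure and leaving through the same `goto out` path. The termination of `target` is outside the visible context, so please confirm it is written at `target[nmb]` after this check. Style nit: drop the stray space before the closing parenthesis in `sizeof(target) - 1 )`.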