[PATCH 09/11] discover: Null-terminate buffer in user_event_process()

Thu Nov 12 15:34:39 AEDT 2015

Fixes Coverity defect #30480

Signed-off-by: Samuel Mendoza-Jonas <sam.mj at au1.ibm.com>
---
 discover/user-event.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/discover/user-event.c b/discover/user-event.c
index 69defa3..8cad1a9 100644
--- a/discover/user-event.c
+++ b/discover/user-event.c
@@ -488,10 +488,10 @@ static void user_event_handle_message(struct user_event *uev, char *buf,
 static int user_event_process(void *arg)
 {
 	struct user_event *uev = arg;
-	char buf[PBOOT_USER_EVENT_SIZE];
+	char buf[PBOOT_USER_EVENT_SIZE + 1];
 	int len;
 
-	len = recvfrom(uev->socket, buf, sizeof(buf), 0, NULL, NULL);
+	len = recvfrom(uev->socket, buf, PBOOT_USER_EVENT_SIZE, 0, NULL, NULL);
 
 	if (len < 0) {
 		pb_log("%s: socket read failed: %s", __func__, strerror(errno));
@@ -503,6 +503,8 @@ static int user_event_process(void *arg)
 		return 0;
 	}
 
+	buf[len] = '\0';
+
 	pb_debug("%s: %u bytes\n", __func__, len);
 
 	user_event_handle_message(uev, buf, len);
-- 
2.6.2

