NeilBrown: mdmon: fix fd leak and possible buffer overrun.

[Martin F. Krafft]

Module: mdadm
Branch: upstream
Commit: 417a4b046dbf1aa430237ceb192d65cdb3381a05
URL:    http://git.debian.org/?p=pkg-mdadm/mdadm.git;a=commit;h=417a4b046dbf1aa430237ceb192d65cdb3381a05

Author: NeilBrown <neilb at suse.de>
Date:   Fri Jan 29 10:15:15 2010 +1100

mdmon: fix fd leak and possible buffer overrun.

We normally wouldn't close 'fd', and as 'buf' might not have
had a nul, strstr could have overrun it.

Signed-off-by: NeilBrown <neilb at suse.de>

---

 mdmon.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/mdmon.c b/mdmon.c
index 0ec4259..723c1a0 100644
--- a/mdmon.c
+++ b/mdmon.c
@@ -180,6 +180,7 @@ static void try_kill_monitor(pid_t pid, char *devname, int sock)
 	char buf[100];
 	int fd;
 	struct mdstat_ent *mdstat;
+	int n;
 
 	/* first rule of survival... don't off yourself */
 	if (pid == getpid())
@@ -191,12 +192,11 @@ static void try_kill_monitor(pid_t pid, char *devname, int sock)
 	if (fd < 0)
 		return;
 
-	if (read(fd, buf, sizeof(buf)) < 0) {
-		close(fd);
-		return;
-	}
+	n = read(fd, buf, sizeof(buf)-1);
+	buf[sizeof(buf)-1] = 0;
+	close(fd);
 
-	if (!strstr(buf, "mdmon"))
+	if (n < 0 || !strstr(buf, "mdmon"))
 		return;
 
 	kill(pid, SIGTERM);