From 209f1c22577c2314a896de997bd7939fab2e3d52 Mon Sep 17 00:00:00 2001
From: Nickolai Zeldovich
Date: Mon, 18 Mar 2002 03:03:04 +0000
Subject: [PATCH] Allocate the exact string length needed for the string in symlink contents, rather than assuming that symlink data never contains nulls (or that it's of the length we expect).
---
 src/afs/VNOPS/afs_vnop_symlink.c | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/afs/VNOPS/afs_vnop_symlink.c b/src/afs/VNOPS/afs_vnop_symlink.c
index 677e342ba..2e1826424 100644
--- a/src/afs/VNOPS/afs_vnop_symlink.c
+++ b/src/afs/VNOPS/afs_vnop_symlink.c
@@ -230,7 +230,7 @@ afs_MemHandleLink(avc, areq)
 struct vrequest *areq;
 {
 register struct dcache *tdc;
- register char *tp;
+ register char *tp, *rbuf;
 afs_size_t offset, len;
 afs_int32 tlen, alen;
 register afs_int32 code;
@@ -252,15 +252,19 @@ afs_MemHandleLink(avc, areq)
 }
 if (avc->m.Mode & 0111) alen = len+1; /* regular link */
 else alen = len; /* mt point */
- tp = afs_osi_Alloc(alen); /* make room for terminating null */
+ rbuf = (char *) osi_AllocLargeSpace(AFS_LRALLOCSIZ);
 ObtainReadLock(&tdc->lock);
 addr = afs_MemCacheOpen(tdc->f.inode);
 tlen = len;
- code = afs_MemReadBlk(addr, 0, tp, tlen);
+ code = afs_MemReadBlk(addr, 0, rbuf, tlen);
 afs_MemCacheClose(addr);
 ReleaseReadLock(&tdc->lock);
- tp[alen-1] = 0;
 afs_PutDCache(tdc);
+ rbuf[alen-1] = 0;
+ alen = strlen(rbuf) + 1;
+ tp = afs_osi_Alloc(alen); /* make room for terminating null */
+ memcpy(tp, rbuf, alen);
+ osi_FreeLargeSpace(rbuf);
 if (code != len) {
 afs_osi_Free(tp, alen);
 return EIO;
@@ -275,7 +279,7 @@ afs_UFSHandleLink(avc, areq)
 struct vrequest *areq;
 {
 register struct dcache *tdc;
- register char *tp;
+ register char *tp, *rbuf;
 char *tfile;
 afs_size_t offset, len;
 afs_int32 tlen, alen;
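Review bot: In the second afs_MemHandleLink hunk (at -252), `afs_MemReadBlk(addr, 0, rbuf, tlen)` now copies `tlen` bytes into a buffer whose size is fixed at AFS_LRALLOCSIZ, where the old `tp` was sized from `len`, and nothing visible in the hunk ties `len` to that size. The guard that closes with the `}` at the top of the hunk lies outside it, so this may already be covered; if it is not, an oversized cache entry overruns `rbuf`, and a zero `len` on a mount point makes `rbuf[alen-1]` write one byte before the buffer. I would make the dependency explicit right after `alen` is set and before the allocation: `if (alen <= 0 || alen > AFS_LRALLOCSIZ) { afs_PutDCache(tdc); return EFAULT; }`. The afs_UFSHandleLink hunk at -298 has the same pattern with `afs_osi_Read(tfile, -1, rbuf, tlen)` and `rbuf[alen-1] = '\0'`.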
@@ -298,17 +302,21 @@ afs_UFSHandleLink(avc, areq)
 afs_PutDCache(tdc);
 return EFAULT;
 }
- ObtainReadLock(&tdc->lock);
- tfile = osi_UFSOpen (tdc->f.inode);
 if (avc->m.Mode & 0111) alen = len+1; /* regular link */
 else alen = len; /* mt point */
- tp = afs_osi_Alloc(alen); /* make room for terminating null */
+ rbuf = (char *) osi_AllocLargeSpace(AFS_LRALLOCSIZ);
 tlen = len;
- code = afs_osi_Read(tfile, -1, tp, tlen);
- tp[alen-1] = 0;
+ ObtainReadLock(&tdc->lock);
+ tfile = osi_UFSOpen (tdc->f.inode);
+ code = afs_osi_Read(tfile, -1, rbuf, tlen);
 osi_UFSClose(tfile);
 ReleaseReadLock(&tdc->lock);
 afs_PutDCache(tdc);
+ rbuf[alen-1] = '\0';
+ alen = strlen(rbuf) + 1;
+ tp = afs_osi_Alloc(alen); /* make room for terminating null */
+ memcpy(tp, rbuf, alen);
+ osi_FreeLargeSpace(rbuf);
 if (code != tlen) {
 afs_osi_Free(tp, alen);
 return EIO;
-- 
2.39.5
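Review bot: The `code != tlen` test runs only after `strlen(rbuf)`, `afs_osi_Alloc` and `memcpy`, so on a short or failed read the bytes of `rbuf` beyond what was actually read are scanned and copied before EIO is returned. The hunk does not show osi_AllocLargeSpace clearing the buffer, so those bytes may be leftover contents from an earlier use. Testing right after `afs_PutDCache(tdc)` and releasing only the scratch buffer, `if (code != tlen) { osi_FreeLargeSpace(rbuf); return EIO; }`, keeps unread data out of the copy and removes the `tp` allocation from the error path. The same reordering applies to the `code != len` test in the afs_MemHandleLink hunk at -252. The existing `if` block closes outside the hunk.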