From ddd09a73be1c25dc1d484b3487f970ce0ffffd16 Mon Sep 17 00:00:00 2001
From: Nickolai Zeldovich <kolya@mit.edu>
Date: Mon, 18 Mar 2002 03:24:10 +0000
Subject: [PATCH] Allocate the exact string length needed for the string in
 symlink contents, rather than assuming that symlink data never contains nulls
 (or that it's of the length we expect).

(cherry picked from commit 209f1c22577c2314a896de997bd7939fab2e3d52)
---
 src/afs/VNOPS/afs_vnop_symlink.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/afs/VNOPS/afs_vnop_symlink.c b/src/afs/VNOPS/afs_vnop_symlink.c
index 4c9676723..3fe6c993b 100644
--- a/src/afs/VNOPS/afs_vnop_symlink.c
+++ b/src/afs/VNOPS/afs_vnop_symlink.c
@@ -224,7 +224,7 @@ afs_MemHandleLink(avc, areq)
      struct vrequest *areq;
   {
       register struct dcache *tdc;
-      register char *tp;
+      register char *tp, *rbuf;
       afs_int32 offset, len, alen;
       register afs_int32 code;
 
@@ -245,10 +245,14 @@ afs_MemHandleLink(avc, areq)
 	  }
 	  if (avc->m.Mode	& 0111)	alen = len+1;	/* regular link */
 	  else alen = len;			/* mt point */
-          tp = afs_osi_Alloc(alen); /* make room for terminating null */
+	  rbuf = (char *) osi_AllocLargeSpace(AFS_LRALLOCSIZ);
           addr = afs_MemCacheOpen(tdc->f.inode);
-          code = afs_MemReadBlk(addr, 0, tp, len);
-	  tp[alen-1] = 0;
+          code = afs_MemReadBlk(addr, 0, rbuf, len);
+	  rbuf[alen-1] = '\0';
+	  alen = strlen(rbuf) + 1;
+          tp = afs_osi_Alloc(alen); /* make room for terminating null */
+	  memcpy(tp, rbuf, alen);
+	  osi_FreeLargeSpace(rbuf);
 	  afs_PutDCache(tdc);
 	  if (code != len) {
 	      afs_osi_Free(tp, alen);
@@ -263,7 +267,7 @@ afs_UFSHandleLink(avc, areq)
     register struct vcache *avc;
     struct vrequest *areq; {
     register struct dcache *tdc;
-    register char *tp;
+    register char *tp, *rbuf;
     char *tfile;
     afs_int32 offset, len, alen;
     register afs_int32 code;
@@ -285,11 +289,15 @@ afs_UFSHandleLink(avc, areq)
 	tfile = osi_UFSOpen (tdc->f.inode);
 	if (avc->m.Mode	& 0111)	alen = len+1;	/* regular link */
 	else alen = len;			/* mt point */
-	tp = afs_osi_Alloc(alen);			/* make room for terminating null */
-	code = afs_osi_Read(tfile, -1, tp, len);
-	tp[alen-1] = 0;
+	rbuf = (char *) osi_AllocLargeSpace(AFS_LRALLOCSIZ);
+	code = afs_osi_Read(tfile, -1, rbuf, len);
+	rbuf[alen-1] = '\0';
 	osi_UFSClose(tfile);
 	afs_PutDCache(tdc);
+	alen = strlen(rbuf) + 1;
+	tp = afs_osi_Alloc(alen);	/* make room for terminating null */
+	memcpy(tp, rbuf, alen);
+	osi_FreeLargeSpace(rbuf);
 	if (code != len) {
 	    afs_osi_Free(tp, alen);
 	    return EIO;
-- 
2.39.5