linuxlinux-kernelposixsystem-callsreadlink

Why doesn't readlink return a null-terminated value?


Both The Single UNIX ® Specification, Version 2 (1997) and The Open Group Base Specifications Issue 6 (2004) require that readlink would not place a null-terminated value in buffer:

APPLICATION USAGE

Conforming applications should not assume that the returned contents of the symbolic link are null-terminated.

What are the considerations in not null-terminating buffer? Couldn't it pose a security risk when readlink isn't properly used?


Solution

  • What are the considerations in not null-terminating buffer?

    As indicated by the documentation, portability. Most probably there exists(-ed?) wide used implementations of readlink that do not null-terminate the buffer.

    Couldn't it pose a security risk when readlink isn't properly used?

    Every piece of bad code that uses something not properly I guess poses a security risk. The programmer is responsible for writing good code that has no security risks. The examples section of posix page shows the proper usage of readlink.