This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Hi!
While looking at util-linux realpath, I found that even glibc realpath can
do weird things. __getcwd if it fails does not have to NULL terminate rpath
(and in case of ENAMETOOLONG the path is not NULL terminated either), but
then at error: we strcpy(resource, rpath); which might be very long string.
2000-02-03 Jakub Jelinek <jakub@redhat.com>
* stdlib/canonicalize.c (canonicalize): Zero terminate
path to copy on error.
--- canonicalize.c.jj Tue Feb 9 10:35:10 1999
+++ canonicalize.c Thu Feb 3 16:24:16 2000
@@ -76,7 +76,10 @@ canonicalize (const char *name, char *re
if (name[0] != '/')
{
if (!__getcwd (rpath, path_max))
- goto error;
+ {
+ rpath[0] = '\0';
+ goto error;
+ }
dest = strchr (rpath, '\0');
}
else
@@ -122,6 +125,9 @@ canonicalize (const char *name, char *re
if (resolved)
{
__set_errno (ENAMETOOLONG);
+ if (dest > rpath + 1)
+ dest--;
+ *dest = '\0';
goto error;
}
new_size = rpath_limit - rpath;
Cheers,
Jakub
___________________________________________________________________
Jakub Jelinek | jakub@redhat.com | http://sunsite.mff.cuni.cz/~jj
Linux version 2.3.41 on a sparc64 machine (1343.49 BogoMips)
___________________________________________________________________
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |