[Bug 11151] New: overflow() at realpath
bugzilla at busybox.net
bugzilla at busybox.net
Thu Jul 12 16:13:10 UTC 2018
https://bugs.busybox.net/show_bug.cgi?id=11151
Bug ID: 11151
Summary: overflow() at realpath
Product: uClibc
Version: 0.9.33.2
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at uclibc.org
Reporter: mishra.dhiraj95 at gmail.com
CC: uclibc-cvs at uclibc.org
Target Milestone: ---
uClibc
File: canonicalize.c line number 36
According to the documentation of realpath() the output buffer needs to be at
least of size PATH_MAX specifying output buffers large enough to handle the
maximum-size possible result from path manipulation functions. (In that
instance, buf's size comes from uv__fs_pathmax_size(). That function attempts
to use pathconf(path, _PC_PATH_MAX) as noted in the realpath(3) docs)
But over here uv__fs_pathmax_size() nor pathconf(path, _PC_PATH_MAX) is used.
Passing an inadequately-sized output buffer to a path manipulation function can
result in a buffer overflow. Such functions include realpath() readlink()
PathAppend() and others.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the uClibc-cvs
mailing list