[Bug 11151] New: overflow() at realpath

bugzilla at busybox.net bugzilla at busybox.net
Thu Jul 12 16:13:10 UTC 2018


https://bugs.busybox.net/show_bug.cgi?id=11151

            Bug ID: 11151
           Summary: overflow() at realpath
           Product: uClibc
           Version: 0.9.33.2
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Other
          Assignee: unassigned at uclibc.org
          Reporter: mishra.dhiraj95 at gmail.com
                CC: uclibc-cvs at uclibc.org
  Target Milestone: ---

uClibc

File: canonicalize.c line number 36

According to the documentation of realpath(), the output buffer needs to be at
least of size PATH_MAX, specifying output buffers large enough to handle the
maximum-size possible result from path manipulation functions. (In that
instance, buf's size comes from uv__fs_pathmax_size(). That function attempts
to use pathconf(path, _PC_PATH_MAX) as noted in the realpath(3) docs.)

But over here neither uv__fs_pathmax_size() nor pathconf(path, _PC_PATH_MAX) is
used.

Passing an inadequately-sized output buffer to a path manipulation function can
result in a buffer overflow. Such functions include realpath(), readlink(),
PathAppend() and others.

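The buffer-size requirement raised in the report, as an added example that is not code from the bug report or from uClibc: a caller-side wrapper that sizes the output buffer from pathconf(path, _PC_PATH_MAX) and refuses smaller buffers before realpath() writes to them. The names resolved_buf_size and realpath_checked, the 4096 fallback, and the sample buffers are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares realpath() under strict -std= modes */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: bytes realpath() may write for `path`, including NUL. */
size_t resolved_buf_size(const char *path)
{
    long n = pathconf(path, _PC_PATH_MAX);
#ifdef PATH_MAX
    if (n < PATH_MAX)       /* also covers -1: error or "no fixed limit" */
        n = PATH_MAX;
#else
    if (n <= 0)
        n = 4096;           /* assumed fallback when nothing is defined */
#endif
    return (size_t)n + 1;
}

/* Hypothetical wrapper: realpath() takes no length argument, so the size
 * check has to happen here, before the library writes into `out`. */
int realpath_checked(const char *path, char *out, size_t outlen)
{
    if (path == NULL || out == NULL) {
        errno = EINVAL;
        return -1;
    }
    if (outlen < resolved_buf_size(path)) {
        errno = ERANGE;     /* reject undersized buffers instead of overflowing */
        return -1;
    }
    return realpath(path, out) != NULL ? 0 : -1;
}

int main(void)
{
    char small[16];         /* constructed sample: far below PATH_MAX */
    size_t need = resolved_buf_size("/");
    char *big = calloc(1, need);

    if (big == NULL)
        return 1;
    printf("small buffer: %d\n", realpath_checked("/", small, sizeof small));
    printf("sized buffer: %d -> %s\n", realpath_checked("/", big, need), big);
    free(big);
    return 0;
}
```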