This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/22679] getcwd(3) can succeed without returning an absolute path (CVE-2018-1000001)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 12 Jan 2018 14:56:43 +0000
- Subject: [Bug libc/22679] getcwd(3) can succeed without returning an absolute path (CVE-2018-1000001)
- Auto-submitted: auto-generated
- References: <bug-22679-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=22679
--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 (commit)
from 249a5895f120b13290a372a49bb4b499e749806f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
commit 52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
Author: Dmitry V. Levin <ldv@altlinux.org>
Date: Sun Jan 7 02:03:41 2018 +0000
linux: make getcwd(3) fail if it cannot obtain an absolute path [BZ #22679]
Currently getcwd(3) can succeed without returning an absolute path
because the underlying getcwd syscall, starting with linux commit
v2.6.36-rc1~96^2~2, may succeed without returning an absolute path.
This is a conformance issue because "The getcwd() function shall
place an absolute pathname of the current working directory
in the array pointed to by buf, and return buf".
This is also a security issue because a non-absolute path returned
by getcwd(3) causes a buffer underflow in realpath(3).
Fix this by checking the path returned by getcwd syscall and falling
back to generic_getcwd if the path is not absolute, effectively making
getcwd(3) fail with ENOENT. The error code is chosen for consistency
with the case when the current directory is unlinked.
[BZ #22679]
CVE-2018-1000001
* sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to
generic_getcwd if the path returned by getcwd syscall is not absolute.
* io/tst-getcwd-abspath.c: New test.
* io/Makefile (tests): Add tst-getcwd-abspath.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 9 +++
NEWS | 4 ++
io/Makefile | 2 +-
.../tst-getcwd-abspath.c | 54 +++++++++++--------
sysdeps/unix/sysv/linux/getcwd.c | 8 ++--
5 files changed, 49 insertions(+), 28 deletions(-)
copy iconv/tst-gconv-init-failure.c => io/tst-getcwd-abspath.c (50%)
--
You are receiving this mail because:
You are on the CC list for the bug.