This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/23347] New: overflow at realpath()
- From: "mishra.dhiraj95 at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 27 Jun 2018 17:57:44 +0000
- Subject: [Bug libc/23347] New: overflow at realpath()
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=23347
Bug ID: 23347
Summary: overflow at realpath()
Product: glibc
Version: 2.27
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: mishra.dhiraj95 at gmail dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
At file /io/tst-getcwd-abspath.c line number 46 which is,
cwd = realpath (".", NULL);
This function does not protect against buffer overflows, and some
implementations can overflow internally such as (CWE-120/CWE-785!).
Ensure that the destination buffer is at least of size MAXPATHLEN, and to
protect against implementation problems, the input argument should also be
checked to ensure it is no larger than MAXPATHLEN.
--
You are receiving this mail because:
You are on the CC list for the bug.
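
The buffer-size and input-length checks the report recommends, as an added example that is not part of the original report or of glibc's code. `checked_realpath` is a hypothetical helper name, and `PATH_MAX` from `<limits.h>` is assumed to stand in for MAXPATHLEN.

```c
#define _XOPEN_SOURCE 700 /* for realpath() and strnlen() */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not glibc code): resolve `path` into `out`.
   Returns 0 on success, -1 with errno set on failure. */
int checked_realpath(const char *path, char *out, size_t out_size)
{
    if (path == NULL || out == NULL) {
        errno = EINVAL;
        return -1;
    }
    /* Destination must be at least PATH_MAX (MAXPATHLEN) bytes. */
    if (out_size < (size_t)PATH_MAX) {
        errno = ERANGE;
        return -1;
    }
    /* Reject input of PATH_MAX bytes or more before calling realpath(). */
    if (strnlen(path, PATH_MAX) >= (size_t)PATH_MAX) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* A NULL second argument makes realpath() malloc the result
       (POSIX.1-2008); this is the call form quoted in the report. */
    char *resolved = realpath(path, NULL);
    if (resolved == NULL)
        return -1; /* errno already set by realpath() */
    size_t len = strlen(resolved);
    if (len >= out_size) { /* never copy more than the caller's buffer holds */
        free(resolved);
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, resolved, len + 1);
    free(resolved);
    return 0;
}

int main(void)
{
    char buf[PATH_MAX];
    if (checked_realpath(".", buf, sizeof buf) == 0)
        printf("%s\n", buf);
    else
        perror("checked_realpath");
}
```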