This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Hi! While looking at util-linux realpath, I found that even glibc realpath can do weird things. __getcwd if it fails does not have to NULL terminate rpath (and in case of ENAMETOOLONG the path is not NULL terminated either), but then at error: we strcpy(resource, rpath); which might be very long string. 2000-02-03 Jakub Jelinek <jakub@redhat.com> * stdlib/canonicalize.c (canonicalize): Zero terminate path to copy on error. --- canonicalize.c.jj Tue Feb 9 10:35:10 1999 +++ canonicalize.c Thu Feb 3 16:24:16 2000 @@ -76,7 +76,10 @@ canonicalize (const char *name, char *re if (name[0] != '/') { if (!__getcwd (rpath, path_max)) - goto error; + { + rpath[0] = '\0'; + goto error; + } dest = strchr (rpath, '\0'); } else @@ -122,6 +125,9 @@ canonicalize (const char *name, char *re if (resolved) { __set_errno (ENAMETOOLONG); + if (dest > rpath + 1) + dest--; + *dest = '\0'; goto error; } new_size = rpath_limit - rpath; Cheers, Jakub ___________________________________________________________________ Jakub Jelinek | jakub@redhat.com | http://sunsite.mff.cuni.cz/~jj Linux version 2.3.41 on a sparc64 machine (1343.49 BogoMips) ___________________________________________________________________
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |