public inbox for glibc-bugs@sourceware.org
* [Bug libc/6654] New: realpath contains off-by-one errors
From: john at calva dot com @ 2008-06-18 13:10 UTC
To: glibc-bugs
In realpath (stdlib/canonicalize.c) we have:

#ifdef PATH_MAX
  path_max = PATH_MAX;
#else
  path_max = pathconf (name, _PC_PATH_MAX);
  if (path_max <= 0)
    path_max = 1024;
#endif
[...]
      char *buf = __alloca (path_max);
[...]
      n = __readlink (rpath, buf, path_max);
      if (n < 0)
        goto error;
      buf[n] = '\0';

readlink would be quite happy to fill all path_max bytes of buf, returning
path_max as n, then we'll write into buf[path_max] which is one byte beyond the
allocated space.

Need either +1 on the alloca or -1 on the readlink.
--
Summary: realpath contains off-by-one errors
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: john at calva dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=6654
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
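
The off-by-one described in the report above, as an added example (not code from glibc or from anyone in this thread). `fake_readlink` is a constructed stand-in for readlink(2) with a fixed 8-byte target, and `canary_clobbered` and `readlink_terminated` are hypothetical helper names; the stray write is made to land on a canary byte inside a larger backing array so the program stays well-defined.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for readlink(2): copies at most `size` bytes of the
   link target, appends no NUL, and returns the number of bytes copied. */
static const char *fake_target = "ABCDEFGH";        /* constructed, 8 bytes */

static ssize_t fake_readlink(const char *path, char *buf, size_t size)
{
    size_t len = strlen(fake_target), n = len < size ? len : size;
    (void)path;
    memcpy(buf, fake_target, n);
    return (ssize_t)n;
}

/* Pattern from the report: pass the full size, then write buf[n]. The logical
   buffer of `size` bytes is backed by a larger array, so the stray write hits
   a canary byte instead of real memory. Returns 1 if buf[size] was written. */
static int canary_clobbered(size_t size)            /* size must be < 64 */
{
    char backing[64];
    memset(backing, 0x5A, sizeof backing);
    ssize_t n = fake_readlink("lfile", backing, size);
    backing[n] = '\0';                  /* n == size when the target fills it */
    return backing[size] != 0x5A;
}

/* "-1 on the readlink": keep one byte for the terminator. A result that fills
   all size-1 bytes may be truncated, so it is rejected (conservative choice). */
static ssize_t readlink_terminated(const char *path, char *buf, size_t size)
{
    if (size == 0) { errno = EINVAL; return -1; }
    ssize_t n = fake_readlink(path, buf, size - 1);
    if (n < 0) return -1;
    if ((size_t)n == size - 1) { errno = ENAMETOOLONG; return -1; }
    buf[n] = '\0';
    return n;
}

int main(void)
{
    char buf[16];
    printf("size 8: clobbered=%d\n", canary_clobbered(8));
    printf("size 16: clobbered=%d\n", canary_clobbered(16));
    printf("hardened, size 16: n=%zd\n", readlink_terminated("lfile", buf, sizeof buf));
    return 0;
}
```

The stray write only happens when the link target is at least as long as the size passed to readlink, which matches the report's "readlink would be quite happy to fill all path_max bytes".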
* [Bug libc/6654] realpath contains off-by-one errors
From: halesh dot sadashiv at ap dot sony dot com @ 2008-06-25 13:04 UTC
To: glibc-bugs
------- Additional Comments From halesh dot sadashiv at ap dot sony dot com 2008-06-25 13:03 -------
Created an attachment (id=2795)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=2795&action=view)
Testcase to verify the problem in __realpath()
Hi,

Even though the raised defect hardly occurs in real time, I have tried
to prove it with small test code.

By executing the attached testcase I found the o/p like this:

$ ./test_realpath
Softlinked file before calling realpath: lfile
Actual_path got from realpath /home/halesh/simple.exp.t
Softlinked file after calling realpath:

After calling the realpath() API, the variable which had the softlink file
name will get corrupted because of overwriting '\0' in __realpath()
of stdlib/canonicalize.c

char *
__realpath (const char *name, char *resolved)
{
  [...]
      n = __readlink (rpath, buf, path_max);
      if (n < 0)
        goto error;
      buf[n] = '\0';
  [...]
}

After applying the patch, the o/p was proper:

$ ./test_realpath
Softlinked file before calling realpath: lfile
Actual_path got from realpath /home/halesh/simple.exp.
Softlinked file after calling realpath: lfile

If any comments please let me know.
* [Bug libc/6654] realpath contains off-by-one errors
From: halesh dot sadashiv at ap dot sony dot com @ 2008-06-25 13:05 UTC
To: glibc-bugs
------- Additional Comments From halesh dot sadashiv at ap dot sony dot com 2008-06-25 13:04 -------
Created an attachment (id=2797)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=2797&action=view)
PATCH
* [Bug libc/6654] realpath contains off-by-one errors
From: halesh dot sadashiv at ap dot sony dot com @ 2008-06-25 13:05 UTC
To: glibc-bugs
------- Additional Comments From halesh dot sadashiv at ap dot sony dot com 2008-06-25 13:04 -------
Created an attachment (id=2796)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=2796&action=view)
PATCH
* [Bug libc/6654] realpath contains off-by-one errors
From: halesh dot sadashiv at ap dot sony dot com @ 2008-06-25 13:06 UTC
To: glibc-bugs
--
           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #2796 is|0                           |1
           obsolete|                            |
* [Bug libc/6654] realpath contains off-by-one errors
From: halesh dot sadashiv at ap dot sony dot com @ 2008-06-25 13:31 UTC
To: glibc-bugs
--
           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #2797 is|0                           |1
           obsolete|                            |
* [Bug libc/6654] realpath contains off-by-one errors
From: drepper at redhat dot com @ 2008-06-26 0:02 UTC
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2008-06-26 00:01 -------
Your test program is wrong (the buffer must be PATH_MAX in size) and the patch
is wrong (you cut out the last character). There is also no problem on any
platform defining PATH_MAX (incl Linux) since readlink can never return a
value > PATH_MAX-1.

There is a potential problem on platforms without PATH_MAX (i.e., Hurd). So I
added a patch.
--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
* [Bug libc/6654] realpath contains off-by-one errors
From: john at calva dot com @ 2008-06-26 7:51 UTC
To: glibc-bugs
------- Additional Comments From john at calva dot com 2008-06-26 07:51 -------
Subject: Re: realpath contains off-by-one errors
drepper at redhat dot com wrote:
> ------- Additional Comments From drepper at redhat dot com 2008-06-26 00:01 -------
> Your test program is wrong (the buffer must be PATH_MAX in size) and the patch
> is wrong (you cut out the last character). There is also no problem on any
> platform defining PATH_MAX (incl Linux) since readlink can never return a
> value > PATH_MAX-1.
>
> There is a potential problem on platforms without PATH_MAX (i.e., Hurd). So I
> added a patch.

Aha:
/usr/include/linux/limits.h:#define PATH_MAX 4096 /* # chars in a path name including nul */
So, since readlink doesn't return the null the max return from readlink
is (PATH_MAX-1) bytes, as you say.
(Your patch is to call readlink with (path_max -1), right?)