From: Adhemerval Zanella
Date: Tue, 18 Jan 2022 10:59:42 -0300
Subject: Re: [PATCH 3/3] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
To: Siddhesh Poyarekar, Andreas Schwab
Cc: fweimer@redhat.com, Qualys Security Advisory, Siddhesh Poyarekar via Libc-alpha
Message-ID: <57e3ccd2-92e8-dad8-0d1f-e4bdaa10d767@linaro.org>
List-Id: Libc-alpha mailing list

On 18/01/2022 10:45, Siddhesh Poyarekar via Libc-alpha wrote:
> On 18/01/2022 19:11, Andreas Schwab wrote:
>> On Jan 18 2022, Siddhesh Poyarekar wrote:
>>
>>> Can you tell me where the reproducer is wrong then?
>>
>> Is it?
>>
>
> I'm unable to parse your one-liners, can you please elaborate?  I can't even tell for sure what part of the patch you're objecting to.
>
> Without the patch, the test fails like so:
>
> error: ../sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c:228: not true: cwd == NULL && errno == ERANGE
> buf[9] = 2f
> buf[10] = 2f
> buf[11] = 00
> error: 4 test failures
>
> where buf[10] is the single byte that is passed.  Note that buf[9] as well as buf[11] get overwritten.  Not only that, neither getcwd returns a non-NULL value nor is errno ERANGE; I split out the TEST_VERIFY to confirm that both are false.

Shouldn't we fix it on posix generic implementation then?
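As an added example (not code from the glibc patch or from tst-getcwd-smallbuff.c), here is a stand-alone C check of the contract the test asserts at line 228: with a one-byte destination at buf[10] surrounded by constructed canary bytes, getcwd() must return NULL with errno set to ERANGE and must not touch buf[9] or buf[11]. All names are this example's own; it only exercises an ordinary, reachable working directory and does not recreate the conditions under which the thread's test reports the overwrite.

```c
/* Regression check for the getcwd(buf, 1) contract discussed in the thread.
   Constructed layout: a 32-byte array filled with a canary, the single byte
   passed to getcwd() sits at buf[10], so buf[9] and buf[11] are the bytes
   the thread shows being overwritten on an unfixed glibc.  */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CANARY 0xA5
#define TARGET 10   /* index of the single byte handed to getcwd() */

/* Bit flags describing each way the contract can be violated. */
enum {
    GETCWD_OK                 = 0,
    GETCWD_RET_NOT_NULL       = 1 << 0, /* returned a pointer instead of NULL */
    GETCWD_ERRNO_NOT_ERANGE   = 1 << 1, /* errno was not ERANGE */
    GETCWD_WROTE_OUTSIDE_BUF  = 1 << 2, /* a byte other than buf[TARGET] changed */
};

/* Call getcwd() with a 1-byte buffer at buf[TARGET] and report violations
   as a combination of the flags above (GETCWD_OK when all is well).  */
int check_getcwd_one_byte(void)
{
    unsigned char buf[32];
    memset(buf, CANARY, sizeof buf);

    errno = 0;
    char *cwd = getcwd((char *) &buf[TARGET], 1);
    int saved_errno = errno;
    int flags = GETCWD_OK;

    if (cwd != NULL)
        flags |= GETCWD_RET_NOT_NULL;
    if (saved_errno != ERANGE)
        flags |= GETCWD_ERRNO_NOT_ERANGE;
    /* The single byte at buf[TARGET] belongs to getcwd(); every other
       byte must still hold the canary.  */
    for (size_t i = 0; i < sizeof buf; i++) {
        if (i != TARGET && buf[i] != CANARY) {
            flags |= GETCWD_WROTE_OUTSIDE_BUF;
            break;
        }
    }
    return flags;
}

int main(void)
{
    int flags = check_getcwd_one_byte();
    printf("getcwd(&buf[%d], 1): %s (flags=0x%x)\n", TARGET,
           flags == GETCWD_OK ? "NULL/ERANGE, no overwrite" : "contract violated",
           flags);
    return flags != GETCWD_OK;
}
```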