From: Andreas Schwab
To: Siddhesh Poyarekar
Cc: Siddhesh Poyarekar via Libc-alpha, fweimer@redhat.com, Qualys Security Advisory
Subject: Re: [PATCH 3/3] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
Date: Tue, 18 Jan 2022 14:30:17 +0100
Message-ID: <87wnix6uja.fsf@igel.home>
In-Reply-To: <4f6c58a4-7176-538f-63c5-827ee1f8f9a7@sourceware.org> (Siddhesh Poyarekar's message of "Tue, 18 Jan 2022 18:46:36 +0530")

On Jan 18 2022, Siddhesh Poyarekar wrote:

> On 18/01/2022 18:43, Andreas Schwab wrote:
>> On Jan 18 2022, Siddhesh Poyarekar wrote:
>>
>>> We then process it to try and get the cwd anyway by using the posix
>>> variant.
>> Which returns the appropriate error.
>>
>
> In the specific case of an unprivileged mount on the same directory, it
> ends up underflowing the buffer before returning.

No, it returns with ERANGE.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."