From: Siddhesh Poyarekar
Date: Tue, 18 Jan 2022 20:14:49 +0530
Subject: Re: [PATCH 3/3] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
To: Adhemerval Zanella, Andreas Schwab
Cc: fweimer@redhat.com, Qualys Security Advisory, Siddhesh Poyarekar via Libc-alpha
Message-ID: <956fbbf8-7acd-8411-192d-49e48019aaa5@sourceware.org>
In-Reply-To: <57e3ccd2-92e8-dad8-0d1f-e4bdaa10d767@linaro.org>

On 18/01/2022 19:29, Adhemerval Zanella via Libc-alpha wrote:
>
> Shouldn't we fix it on posix generic implementation then?
>

I added the shortcircuit in the generic as well as linux implementations. Should I only restrict it to the posix one? Technically the posix implementation is the only one that writes beyond buffer bounds, but the linux target is the only one that has the reproducer due to the linux-specific features used to get the underflow+overflow going.

Thanks,
Siddhesh
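The following is an added example, not code from the patch or from glibc: a caller-side wrapper that applies the size == 1 short circuit named in the subject line, plus a guard-byte check that any `getcwd`-compatible function fails with ERANGE for a one-byte buffer without touching adjacent memory. The names `getcwd_checked` and `check_size_one` and the guard layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

#define GUARD  16      /* guard bytes on each side of the 1-byte buffer */
#define CANARY 0xA5    /* constructed fill value for the guard bytes */

/* Hypothetical wrapper (not glibc code): one byte can only hold the
   terminating NUL, never a path, so reject size == 1 before any lookup. */
char *getcwd_checked(char *buf, size_t size)
{
    if (buf != NULL && size == 1) {
        errno = ERANGE;
        return NULL;
    }
    return getcwd(buf, size);
}

/* Call fn(buf, 1) on a single byte surrounded by canaries.
   Returns 0 if the call failed with ERANGE and both guards are intact,
   1 if it unexpectedly succeeded, 2 if it failed with another errno,
   3 if a byte before the buffer changed (underflow),
   4 if a byte after the buffer changed (overflow). */
int check_size_one(char *(*fn)(char *, size_t))
{
    unsigned char area[GUARD + 1 + GUARD];
    memset(area, CANARY, sizeof area);

    errno = 0;
    char *ret = fn((char *)area + GUARD, 1);
    int saved = errno;   /* capture before anything else can change it */

    for (size_t i = 0; i < GUARD; i++)
        if (area[i] != CANARY)
            return 3;
    for (size_t i = GUARD + 1; i < sizeof area; i++)
        if (area[i] != CANARY)
            return 4;
    if (ret != NULL)
        return 1;
    return saved == ERANGE ? 0 : 2;
}

int main(void)
{
    /* Exit status 0 means the wrapper and the installed libc both passed. */
    return check_size_one(getcwd_checked) | check_size_one(getcwd);
}
```

From an ordinary working directory this only confirms the error path and the guard bytes; it does not set up the conditions the reproducer mentioned in the message depends on.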