From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <siddhesh@gotplt.org>
Received: from bumble.maple.relay.mailchannels.net
 (bumble.maple.relay.mailchannels.net [23.83.214.25])
 by sourceware.org (Postfix) with ESMTPS id 1B1F93857C46;
 Tue, 18 Jan 2022 13:56:12 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 1B1F93857C46
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=gotplt.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from relay.mailchannels.net (localhost [127.0.0.1])
 by relay.mailchannels.net (Postfix) with ESMTP id BDE07801ABA;
 Tue, 18 Jan 2022 13:56:09 +0000 (UTC)
Received: from pdx1-sub0-mail-a306.dreamhost.com (unknown [127.0.0.6])
 (Authenticated sender: dreamhost)
 by relay.mailchannels.net (Postfix) with ESMTPA id 3692A801B79;
 Tue, 18 Jan 2022 13:56:09 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from pdx1-sub0-mail-a306.dreamhost.com (pop.dreamhost.com
 [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by 100.107.255.161 (trex/6.4.3); Tue, 18 Jan 2022 13:56:09 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org
X-MailChannels-Auth-Id: dreamhost
X-Vacuous-Zesty: 399b6d803101ae11_1642514169618_4199722418
X-MC-Loop-Signature: 1642514169618:3432877299
X-MC-Ingress-Time: 1642514169618
Received: from [192.168.1.174] (unknown [1.186.224.209])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits))
 (No client certificate requested)
 (Authenticated sender: siddhesh@gotplt.org)
 by pdx1-sub0-mail-a306.dreamhost.com (Postfix) with ESMTPSA id 4JdVft5085z1PR; 
 Tue, 18 Jan 2022 05:56:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=gotplt.org;
 s=gotplt.org; t=1642514168; bh=QoGTwOwz5KbPImmLW/RntZnf07A=;
 h=Date:Subject:To:Cc:From:Content-Type:Content-Transfer-Encoding;
 b=kiGN65vbh/k8yS5ahJmfK+faCVexmrkcLKz+XJyMmosHzTQi1ONQN0w/nXjludrXe
 0ylJgjPGs8UkGC6OowNTt9yt1t0/NErFk0SOOtQyJmcYVq/UyjnGxVOY6AyC/0IZT1
 O9+t3N0dHLjy5PsAB6d0KRJaO5hi1kvXfd0s+pZs=
Message-ID: <f22484f9-4745-4d22-c29f-b64765c6a6ab@gotplt.org>
Date: Tue, 18 Jan 2022 19:26:01 +0530
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.4.0
Subject: Re: [PATCH 3/3] getcwd: Set errno to ERANGE for size == 1
 (CVE-2021-3999)
Content-Language: en-US
To: Siddhesh Poyarekar <siddhesh@sourceware.org>,
 Andreas Schwab <schwab@linux-m68k.org>
Cc: fweimer@redhat.com, Qualys Security Advisory <qsa@qualys.com>,
 Siddhesh Poyarekar via Libc-alpha <libc-alpha@sourceware.org>
References: <20220118090728.1825487-1-siddhesh@sourceware.org>
 <20220118090728.1825487-4-siddhesh@sourceware.org> <87a6ft8dmy.fsf@igel.home>
 <149b2d34-a393-06e3-5dff-59a3885d208b@sourceware.org>
 <871r1589v5.fsf@igel.home>
 <4f6c58a4-7176-538f-63c5-827ee1f8f9a7@sourceware.org>
 <87wnix6uja.fsf@igel.home>
 <82d1a081-9b1f-b2ce-5907-163669feb42e@sourceware.org>
 <87sftl6u0e.fsf@igel.home>
 <fb4e3d8e-4230-3c27-e30d-ea5f25c6d5aa@sourceware.org>
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
In-Reply-To: <fb4e3d8e-4230-3c27-e30d-ea5f25c6d5aa@sourceware.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-3029.2 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A,
 RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,
 SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jan 2022 13:56:15 -0000

On 18/01/2022 19:15, Siddhesh Poyarekar via Libc-alpha wrote:
> well as buf[11] get overwritten.  Not only that, neither getcwd returns 
> a non-NULL value nor is errno ERANGE; I split out the TEST_VERIFY to 

correction: neither getcwd returns NULL nor is errno ERANGE.