From: Siddhesh Poyarekar
Date: Tue, 18 Jan 2022 19:15:44 +0530
Subject: Re: [PATCH 3/3] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
To: Andreas Schwab
Cc: Siddhesh Poyarekar via Libc-alpha, fweimer@redhat.com, Qualys Security Advisory

On 18/01/2022 19:11, Andreas Schwab wrote:
> On Jan 18 2022, Siddhesh Poyarekar wrote:
>
>> Can you tell me where the reproducer is wrong then?
>
> Is it?
>

I'm unable to parse your one-liners, can you please elaborate? I can't even tell for sure what part of the patch you're objecting to. Without the patch, the test fails like so:

error: ../sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c:228: not true: cwd == NULL && errno == ERANGE
buf[9] = 2f
buf[10] = 2f
buf[11] = 00
error: 4 test failures

where buf[10] is the single byte that is passed. Note that buf[9] as well as buf[11] get overwritten. Not only that, neither getcwd returns a non-NULL value nor is errno ERANGE; I split out the TEST_VERIFY to confirm that both are false.

Siddhesh
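
An added example, not part of the original message or of the glibc test suite: a guard-byte check of the kind the output above reports, handing getcwd a single byte at buf[10] and verifying the return value, errno and the neighbouring bytes. It runs in the ordinary current directory and does not recreate the test's own setup; the function name, guard value and result bits are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define GUARD 0xAA  /* constructed sentinel value (assumption) */
#define SLOT  10    /* index of the single byte handed to getcwd, as in the mail */

/* Result bits (hypothetical names); 0 means the size == 1 contract held. */
enum { BAD_RETURN = 1, BAD_ERRNO = 2, BAD_BEFORE = 4, BAD_AFTER = 8 };

int check_getcwd_one_byte(void)
{
    unsigned char buf[2 * SLOT + 1];
    int result = 0;

    /* Fill everything, including the one usable byte, with the sentinel. */
    memset(buf, GUARD, sizeof buf);

    errno = 0;
    char *cwd = getcwd((char *)&buf[SLOT], 1);
    int saved_errno = errno;

    /* No path fits in one byte ("/" plus NUL needs two), so the call must fail. */
    if (cwd != NULL)
        result |= BAD_RETURN;
    if (saved_errno != ERANGE)
        result |= BAD_ERRNO;

    /* Bytes on either side of the slot must be untouched. */
    for (size_t i = 0; i < SLOT; i++)
        if (buf[i] != GUARD)
            result |= BAD_BEFORE;
    for (size_t i = SLOT + 1; i < sizeof buf; i++)
        if (buf[i] != GUARD)
            result |= BAD_AFTER;

    return result;
}

int main(void)
{
    int r = check_getcwd_one_byte();
    printf("getcwd(buf + %d, 1): %s (flags 0x%x)\n", SLOT, r ? "FAIL" : "ok", r);
    return r != 0;
}
```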