mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-19 17:50:51 +01:00
b01f0b7d76
getcwd() has two off-by-one bugs in FreeBSD-2.0: 1. getcwd(buf, size) fails when the size is just large enough. 2. getcwd(buf + 1, 1) incorrectly succeeds when the current directory is "/". buf[0] and buf[2] are clobbered. (I modified Bruce's original patch to return the proper error code [ERANGE] in the case of #2, but otherwise... -DG) This program demonstrates the bug: --- #include <stdlib.h> #include <string.h> #include <stdio.h> #include <unistd.h> int main(void) { char buf[5]; int errors; errors = 0; if (chdir("/tmp") != 0) { perror("chdir"); abort(); } if (getcwd(buf, 5) == NULL) { perror("oops, getcwd failed for buffer size = size required"); ++errors; } if (chdir("/") != 0) { perror("chdir"); abort(); } buf[0] = 0; buf[2] = 1; if (getcwd(buf + 1, 1) != NULL) { fprintf(stderr, "oops, getcwd succeeded for buffer size = one too small\n"); ++errors; } if (buf[0] != 0) { fprintf(stderr, "oops, getcwd scribbled on memory before start of buffer\n"); ++errors; } if (buf[2] != 1) { fprintf(stderr, "oops, getcwd scribbled on memory after end of buffer\n"); ++errors; } exit(errors == 0 ? 0 : 1); } |
||
|---|---|---|
| .. | ||
| csu/i386 | ||
| libc | ||
| libcompat | ||
| libcrypt | ||
| libcurses | ||
| libedit | ||
| libf2c | ||
| libF77 | ||
| libforms | ||
| libI77 | ||
| libkvm | ||
| libm | ||
| libmd | ||
| libmytinfo | ||
| libncurses | ||
| libpam/modules | ||
| libresolv | ||
| librpc | ||
| librpcsvc | ||
| libskey | ||
| libtelnet | ||
| libterm | ||
| libtermcap | ||
| libutil | ||
| liby | ||
| msun | ||
| ncurses/ncurses | ||
| rpcsvc | ||
| Makefile | ||
| Makefile.inc | ||