mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
b01f0b7d76
getcwd() has two off-by-one bugs in FreeBSD-2.0: 1. getcwd(buf, size) fails when the size is just large enough. 2. getcwd(buf + 1, 1) incorrectly succeeds when the current directory is "/". buf[0] and buf[2] are clobbered. (I modified Bruce's original patch to return the proper error code [ERANGE] in the case of #2, but otherwise... -DG) This program demonstrates the bug: --- #include <stdlib.h> #include <string.h> #include <stdio.h> #include <unistd.h> int main(void) { char buf[5]; int errors; errors = 0; if (chdir("/tmp") != 0) { perror("chdir"); abort(); } if (getcwd(buf, 5) == NULL) { perror("oops, getcwd failed for buffer size = size required"); ++errors; } if (chdir("/") != 0) { perror("chdir"); abort(); } buf[0] = 0; buf[2] = 1; if (getcwd(buf + 1, 1) != NULL) { fprintf(stderr, "oops, getcwd succeeded for buffer size = one too small\n"); ++errors; } if (buf[0] != 0) { fprintf(stderr, "oops, getcwd scribbled on memory before start of buffer\n"); ++errors; } if (buf[2] != 1) { fprintf(stderr, "oops, getcwd scribbled on memory after end of buffer\n"); ++errors; } exit(errors == 0 ? 0 : 1); } |
||
---|---|---|
.. | ||
csu/i386 | ||
libc | ||
libcompat | ||
libcrypt | ||
libcurses | ||
libedit | ||
libf2c | ||
libF77 | ||
libforms | ||
libI77 | ||
libkvm | ||
libm | ||
libmd | ||
libmytinfo | ||
libncurses | ||
libpam/modules | ||
libresolv | ||
librpc | ||
librpcsvc | ||
libskey | ||
libtelnet | ||
libterm | ||
libtermcap | ||
libutil | ||
liby | ||
msun | ||
ncurses/ncurses | ||
rpcsvc | ||
Makefile | ||
Makefile.inc |