|
Message-ID: <CAOs05YaDsSSctj=3che2OQ7Gqjd919NVsd_H=y1cbt0vDkH4aw@mail.gmail.com>
Date: Thu, 12 Jul 2018 19:55:56 +0530
From: "m0rtal f!w" <mortalfw@...il.com>
To: musl@...ts.openwall.com
Subject: overflow() at stdlib.h
Team,
File: stdlib.h#L:113
i.e
char *realpath (const char *__restrict, char *__restrict);
According to the documentation of realpath() the output buffer needs to be
at least of size PATH_MAX specifying output buffers large enough to handle
the maximum-size possible result from path manipulation functions. (In that
instance, buf's size comes from uv__fs_pathmax_size(). That function
attempts to use pathconf(path, _PC_PATH_MAX) as noted in the realpath(3)
docs)
But over here uv__fs_pathmax_size() nor pathconf(path, _PC_PATH_MAX) is
used.
Passing an inadequately-sized output buffer to a path manipulation function
can result in a buffer overflow. Such functions include realpath()
readlink() PathAppend() and others.
Request team to have a look and validate.
Thank you
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.