Date: Tue, 27 May 1997 10:13:53 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: shigio@wafu.netgate.net (Shigio Yamaguchi)
Cc: freebsd-hackers@FreeBSD.ORG, shigio@wafu.netgate.net
Subject: Re: Bug fix for realpath(3).
Message-ID: <199705271713.KAA15554@phaeton.artisoft.com>
In-Reply-To: <199705270820.IAA12141@wafu.netgate.net> from "Shigio Yamaguchi" at May 28, 97 01:17:48 am
> Hello, hackers.
> I fixed two bugs in realpath(3). Would you please check this?
>
> 1. Realpath goes into infinite loop.
>
> % ln -s a b
> % ln -s b a
>
> [user's code]
>
> char resolved[MAXPATHLEN];
> (void)realpath("a", resolved); /* It will not return */
>
> It should break when over MAXSYMLINKS symbolic links are encountered,
> like other system calls.
It's a library call, but you are right about where it should fail out.
8-).
> 2. Realpath has unsafe code.
>
> [user's code]
>
> char resolved[MAXPATHLEN];
> (void)realpath("xxx", resolved);
>
> [realpath's code]
>
>     n = readlink(p, resolved, MAXPATHLEN);
>     if (n < 0)
>         goto err1;
>     resolved[n] = '\0'; /* It's dangerous */
This is actually a bogosity which should be addressed in realpath(3)'s
definition. It should probably be:
    char *
    realpath(const char *pathname, char resolvedname[MAXPATHLEN+1])
In the manual page, to account for the NUL.
Alternately, it should return a count, just like readlink(), and not
NULL terminate the return value.
The problem with your fix is that a 1024 byte readlink return is
perfectly legal.
Regards,
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
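
Added example, not part of the original message or of FreeBSD's realpath(3): a C sketch of both points in this thread, a readlink() buffer sized MAXPATHLEN + 1 so a full-length target can still be NUL-terminated in bounds, and a symlink chase that fails with ELOOP after MAXSYMLINKS links. chase_links() and demo_loop_errno() are hypothetical names, and the a/b loop in a temp directory is constructed for the demo.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>          /* MAXPATHLEN, MAXSYMLINKS */
#include <unistd.h>

#ifndef MAXSYMLINKS
#define MAXSYMLINKS 32          /* assumption: fallback where the platform lacks it */
#endif

/* Follow the symlink chain starting at path. out has room for a full
 * MAXPATHLEN-byte target plus the NUL. Returns the number of links followed,
 * or -1 with errno set (ELOOP once more than MAXSYMLINKS links are seen).
 * Simplification: a relative target is followed as-is, i.e. against the cwd. */
int chase_links(const char *path, char out[MAXPATHLEN + 1])
{
    char link[MAXPATHLEN + 1];
    ssize_t n;
    int hops = 0;

    if (strlen(path) > MAXPATHLEN) { errno = ENAMETOOLONG; return -1; }
    strcpy(out, path);
    for (;;) {
        n = readlink(out, link, MAXPATHLEN);    /* so n <= MAXPATHLEN */
        if (n < 0)
            return errno == EINVAL ? hops : -1; /* EINVAL: not a symlink, done */
        if (++hops > MAXSYMLINKS) { errno = ELOOP; return -1; }
        link[n] = '\0';                         /* in bounds: buffer is MAXPATHLEN + 1 */
        memcpy(out, link, (size_t)n + 1);
    }
}

/* Constructed demo: recreate the a <-> b loop from the report in a temp dir
 * (absolute targets) and return the errno that chase_links() reports. */
int demo_loop_errno(void)
{
    char dir[] = "/tmp/rpdemoXXXXXX", a[64], b[64], out[MAXPATHLEN + 1];
    int rc, saved;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    if (symlink(b, a) != 0 || symlink(a, b) != 0) return -1;
    rc = chase_links(a, out);
    saved = errno;
    unlink(a); unlink(b); rmdir(dir);
    return rc == -1 ? saved : 0;
}
int main(void) { printf("a <-> b: %s\n", strerror(demo_loop_errno())); return 0; }
```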
