Bug 190469
| Summary: | Buffer overflow abort in realpath() on FC5 glibc 2.4-4 | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ken Hall <kjhall55> |
| Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 5 | | |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | i686 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2006-05-03 12:29:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |
Description
Ken Hall
2006-05-02 18:09:03 UTC
Created attachment 128503
Test Program
The testcase is buggy:

-- Function: char * realpath (const char *restrict NAME, char *restrict RESOLVED)

A call to `realpath' where the RESOLVED parameter is `NULL' behaves exactly like `canonicalize_file_name'. The function allocates a buffer for the file name and returns a pointer to it.

If RESOLVED is not `NULL' it points to a buffer into which the result is copied. It is the caller's responsibility to allocate a buffer which is large enough. On systems which define `PATH_MAX' this means the buffer must be large enough for a pathname of this size. For systems without limitations on the pathname length the requirement cannot be met and programs should not call `realpath' with anything but `NULL' for the second parameter.

On Linux, PATH_MAX is 4096, so your program violates that.
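
Added example, not part of the bug report or the attached test program: the two calling conventions the quoted manual text permits, written in C. The helper names `resolve_alloc` and `resolve_into` are hypothetical, and the anti-pattern in the comment is an assumed shape of the misuse, since the attachment itself is not shown here.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares realpath() and PATH_MAX on glibc */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Anti-pattern (assumed shape of the misuse; the attached test program
 * is not shown on the page):
 *     char small[256];
 *     realpath(path, small);   // buffer is smaller than PATH_MAX
 */

/* Preferred: pass NULL so realpath() allocates the result; caller frees. */
char *resolve_alloc(const char *path)
{
    return realpath(path, NULL);
}

/* Caller-supplied destination of any size: resolve into a PATH_MAX
 * scratch buffer first, then copy only if the result fits.
 * Returns 0 on success, -1 with errno set on failure. */
int resolve_into(const char *path, char *dst, size_t dstlen)
{
    char scratch[PATH_MAX];
    size_t n;

    if (realpath(path, scratch) == NULL)
        return -1;              /* errno set by realpath() */
    n = strlen(scratch);
    if (n >= dstlen) {
        errno = ERANGE;         /* refuse instead of truncating */
        return -1;
    }
    memcpy(dst, scratch, n + 1);
    return 0;
}

int main(int argc, char **argv)
{
    char *p = resolve_alloc(argc > 1 ? argv[1] : ".");
    if (p == NULL) { perror("realpath"); return 1; }
    puts(p);
    free(p);
    return 0;
}
```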