Bug 492861 - POSIX_MAX_PATH vs MAX_PATH problem in muttlib.c:810
Summary: POSIX_MAX_PATH vs MAX_PATH problem in muttlib.c:810
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: mutt
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Lichvar
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-30 12:48 UTC by Fabrice Bellet
Modified: 2009-04-01 15:08 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-01 15:08:45 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Fabrice Bellet 2009-03-30 12:48:13 UTC 
the rawhide version of mutt fails with a 'buffer overflow' error, because of the size check of the 2nd parameter of function realpath(). tmp is defined as a char tmp[_POSIX_PATH_MAX], but its size is expected to be at least PATH_MAX (4096 vs 256) in the glibc check from realpath_chk.c:30

char *
__realpath_chk (const char *buf, char *resolved, size_t resolvedlen)
{
#ifdef PATH_MAX
  if (resolvedlen < PATH_MAX)
    __chk_fail ();

  return __realpath (buf, resolved);
#else
Comment 1 Miroslav Lichvar 2009-04-01 15:08:45 UTC 
Fixed in mutt-1.5.19-4.fc11. Thanks.
Note You need to log in before you can comment on or make changes to this bug.