Bug 492861 - POSIX_MAX_PATH vs MAX_PATH problem in muttlib.c:810
POSIX_MAX_PATH vs MAX_PATH problem in muttlib.c:810
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: mutt (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Lichvar
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-30 08:48 EDT by Fabrice Bellet
Modified: 2009-04-01 11:08 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-01 11:08:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Fabrice Bellet 2009-03-30 08:48:13 EDT
the rawhide version of mutt fails with a 'buffer overflow' error, because of the size check of the 2nd parameter of function realpath(). tmp is defined as a char tmp[_POSIX_PATH_MAX], but its size is expected to be at least PATH_MAX (4096 vs 256) in the glibc check from realpath_chk.c:30

char *
__realpath_chk (const char *buf, char *resolved, size_t resolvedlen)
{
#ifdef PATH_MAX
  if (resolvedlen < PATH_MAX)
    __chk_fail ();

  return __realpath (buf, resolved);
#else
Comment 1 Miroslav Lichvar 2009-04-01 11:08:45 EDT
Fixed in mutt-1.5.19-4.fc11. Thanks.

Note You need to log in before you can comment on or make changes to this bug.