Almost all uses of rawmemchr find the end of a string. Since most targets use
a generic implementation, replacing it with strchr is better since that is
optimized by compilers into strlen (s) + s. Also fix the generic rawmemchr
implementation to use a cast to unsigned char in the if statement.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Move the buffer management from realpath_stk to __realpath. This
allows returning directly after allocation errors.
Always make a copy of the result buffer using strdup even if it is
already heap-allocated. (Heap-allocated buffers are somewhat rare.)
This avoids GCC warnings at certain optimization levels.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
The GNU extension for realpath states that if the path resolution fails
with ENOENT or EACCES and the resolved buffer is non-NULL, it will
contain part of the path that failed resolution.
commit 949ad78a18 broke this when it
omitted the copy on failure. Bring it back partially to continue
supporting this GNU extension.
Resolves: BZ #28996
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
On failure, the contents of the resolved buffer passed in by the caller
to realpath are undefined. Do not copy any partial resolution to the
buffer and also do not test resolved contents in test-canon.c.
Resolves: BZ #28815
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Set errno and failure for paths that are too long only if no other error
occurred earlier.
Related: BZ #28770
Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
realpath returns an allocated string when the result exceeds PATH_MAX,
which is unexpected when its second argument is not NULL. This results
in the second argument (resolved) being uninitialized and also results
in a memory leak since the caller expects resolved to be the same as the
returned value.
Return NULL and set errno to ENAMETOOLONG if the result exceeds
PATH_MAX. This fixes [BZ #28770], which is CVE-2021-3998.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
It sync with gnulib version ae9fb3d66. The testcase for BZ#23741
(stdlib/test-bz22786.c) is adjusted to check also for ENOMEM.
The patch fixes multiple realpath issues:
- Portability fixes for errno clobbering on free (BZ#10635). The
function does not call free directly anymore, although it might be
done through scratch_buffer_free. The free errno clobbering is
being tracked by BZ#17924.
- Pointer arithmetic overflows in realpath (BZ#26592).
- Realpath cyclically call __alloca(path_max) to consume too much
stack space (BZ#26341).
- Realpath mishandles EOVERFLOW; stat not needed anyway (BZ#24970).
The check is done through faccessat now.
Checked on x86_64-linux-gnu and i686-linux-gnu.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
It replaces the internal usage of __{f,l}xstat{at}{64} with the
__{f,l}stat{at}{64}. It should not change the generate code since
sys/stat.h explicit defines redirections to internal calls back to
xstat* symbols.
Checked with a build for all affected ABIs. I also check on
x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Lukasz Majewski <lukma@denx.de>
when realpath() input length is close to SSIZE_MAX.
2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #22786]
* stdlib/canonicalize.c (__realpath): Fix overflow in path length
computation.
* stdlib/Makefile (test-bz22786): New test.
* stdlib/test-bz22786.c: New test.
2008-06-25 Ulrich Drepper <drepper@redhat.com>
[BZ #6654]
* stdlib/canonicalize.c (__realpath): readlink can write too much
into the buffer on platforms without PATH_MAX.
was allocated here. [Coverity CID 219]
* posix/getconf.c (print_all): Free confstr data after printing.
[Coverity CID 218]
* sysdeps/posix/getaddrinfo.c (gaih_inet): Free canon string if
list allocation fails. [Coverity CID 215]
* nss/nsswitch.c (__nss_configure_lookup): Fix loop end condition.
[Coverity CID 213]
* argp/argp-help.c (hol_entry_cmp): Don't call canon_doc_option if
string is NULL. [Coverity CID 212]
* argp/Makefile: Add rules to build and run bug-argp1.
* argp/bug-argp1.c: New file.
* io/ftw.c (ftw_dir): Use __rawmemchr instead of strchr to find
end of string.
* stdlib/canonicalize.c (__realpath): Likewise.
* locale/programs/ld-time.c (time_finish): Don't dereference NULL
pointer. [Coverity CID 206]
* elf/dl-dst.h (DL_DST_REQUIRED): Be prepared for missing link map
in statically linked code.
* elf/dl-load.c (_dl_dst_substitute): When replacing ORIGIN in
statically built code, be prepared to have no link map.
[Coverity CID 205]
* argp/argp-help.c (fill_in_uparams): Handle STATE==NULL in
dgettext calls. [Coverity CID 204]
* argp/argp-help.c (struct uparams): Remove valid member. Change
the one user.
(uparam_names): Reduce size. Avoid relative relocations.
Moved to read-only segment.
(fill_in_uparams): Update for new layout.
* sysdeps/unix/sysv/linux/ifaddrs.c (getifaddrs): Parameter can be
assumed to always be != NULL. [Coverity CID 202]
* argp/argp-help.c (hol_entry_help): Remove some dead code
[Coverity CID 200].
* nis/nss_nis/nis-service.c (_nss_nis_getservbyport_r): Optimize
away a few more unconditional yperr2nss calls.
(_nss_nis_getservbyname_r): Likewise.
for the new error case.
2004-06-02 Dmitry V. Levin <ldv@altlinux.org>
Ranjani Murthy <ranmur@gmail.com>
* stdlib/canonicalize.c (__realpath): Change realpath(3) to
return NULL and set errno to ENOTDIR for such pathnames like
"/path/to/existing-non-directory/".
* sysdeps/arm/dl-machine.h (elf_machine_rela): Handle R_ARM_COPY.
2002-11-15 Roland McGrath <roland@redhat.com>
* math/Makefile (libm-calls): Change s_ldexp to m_ldexp.
* Makerules ($(+sysdir_pfx)sysd-rules): Emit pattern rules for m_%.[Sc]
from sysdeps/.../s_%.[Sc] with commands $(+make-include-of-dep).
(+make-include-of-dep): New canned sequence.
* stdlib/canonicalize.c (__realpath): Check for malloc failure.
From Dmitry V. Levin <ldv@altlinux.org>.
2002-07-11 Ulrich Drepper <drepper@redhat.com>
* Versions.def (libc): Add GLIBC_2.3.
* stdlib/Versions [libc] (GLIBC_2.3): Add realpath.
* stdlib/canonicalize.c: Add compatibility version for realpath
and make new code available in GLIBC_2.3.
* stdlib/canonicalize.c (canonicalize): Rename to __realpath and
don't define static. Remove old __realpath function. TC1 of
POSIX 2001 will allow the second parameter to be NULL.
* stdlib/test-canon.c: Comment out test for NULL as second
parameter of realpath.
* time/offtime.c (__offtime): Set errno if overflow is detected.
2001-07-06 Paul Eggert <eggert@twinsun.com>
* manual/argp.texi: Remove ignored LGPL copyright notice; it's
not appropriate for documentation anyway.
* manual/libc-texinfo.sh: "Library General Public License" ->
"Lesser General Public License".
2001-07-06 Andreas Jaeger <aj@suse.de>
* All files under GPL/LGPL version 2: Place under LGPL version
2.1.
2000-02-11 Ulrich Drepper <drepper@redhat.com>
* stdio-common/printf-parse.h (parse_one_spec): Set wide elements.
* stdio-common/printf_fp.c: Truely support wide characater output.
Finally handle decimal points and thousands separator characters
correctly for multibyte output.
* stdio-common/printf_size.c: Likewise.
* sysdeps/generic/printf_fphex.c: Likewise.
* sysdeps/ieee754/ldbl-96/printf_fphex.c: Likewise.
* stdio-common/vfscanf.c: Implement I modifier for numbers to read
locale dependent digits.
* locale/C-monetary.c (_nl_C_LC_MONETARY): Change wide character
decimal point and thousands separator values to wide characters from
wide character strings.
* locale/C-numeric.c (_nl_C_LC_NUMERIC): Likewise.
* locale/indigitswc.h: Dereference wcdigits array elements.
2000-02-03 Jakub Jelinek <jakub@redhat.com>
* stdlib/canonicalize.c (canonicalize): Zero terminate
path to copy on error.
2000-02-01 Cristian Gafton <gafton@redhat.com>
* misc/syslog.c (closelog): Reset LogType to SOCK_DGRAM.
2000-01-31 Philip Blundell <philb@gnu.org>
* sysdeps/arm/fpu/fpu_control.h (_FPU_DEFAULT): Set the AC bit.
2000-01-31 Andreas Jaeger <aj@suse.de>
* intl/Makefile (generated): msgs.h is generated.
* localedata/Makefile (generated-dirs): Add de_DE.437.
2000-01-31 Jakub Jelinek <jakub@redhat.com>
* config.make.in: Allow default localedir to come from configure.
* configure.in: Export libc_cv_localedir.
* sysdeps/unix/sysv/linux/configure.in: For sparc64, put locale
stuff into $exec_prefix/lib/locale because it can be shared between
32bit and 64bit libraries.
* configure: Rebuilt.
* sysdeps/unix/sysv/linux/configure: Rebuilt.
2000-01-31 Andreas Jaeger <aj@suse.de>
* inet/tst-network.c: New file.
* inet/Makefile (tests): Add tst-network.
* inet/inet_net.c (inet_network): Don't overwrite memory or allow
to great last digits.
1998-04-14 16:34 Ulrich Drepper <drepper@cygnus.com>
* test-skeleton.c: Provide hook for initializing code before the fork.
* rt/tst-aio.c: Use PREPARE hook to make suer temp files are always
removed.
* libio/fcloseall.c (__fcloseall): Return return value of _IO_cleanup.
* libio/genops.c (_IO_cleanup): Return return value of _IO_flush_all.
* libio/libioP.h: Adopt _IO_cleanup prototype.
* stdlib/Makefile (tests): Add test-canon2.
* stdlib/test-canon2.c: New file.
* stdlib/canonicalize.c (canonicalize): Allow RESOLVED parameter to
be NULL. Use __lxstat, not __lstat. Correctly recognize long
symlink sequences.
(__realpath): Make real function which checks RESOLVED parameter for
not being NULL.
1998-04-14 Ulrich Drepper <drepper@cygnus.com>
* catgets/open_catalog.c (__open_catalog): Fix problems with
reading non-files. Always close file.
Reported by Cristian Gafton <gafton@redhat.com>.
* elf/dl-minimal.c (__strtol_internal): Prevent overflow warnings.
1998-04-14 13:28 Ulrich Drepper <drepper@cygnus.com>
* libc.map: Add various low-level I/O functions.
1998-04-14 10:35 Ulrich Drepper <drepper@cygnus.com>
* string/Makefile (routines): Remove strerror_r.
* string/strerror_r.c: Removed.
* string/strerror.c: Call __strerror_r for doing the real work.
* sysdeps/generic/_strerror.c: Rename function to __strerror_r and
add weak alias strerror_r.
* sysdeps/mach/_strerror.c: Likewise.
* assert/assert-perr.c: Use __strerror_r instead of _strerror_internal.
* elf/dl-error.c (_dl_signal_error): Likewise.
* elf/dl-profile.c (_dl_start_profile): Likewise.
* gmon/gmon.c (write_gmon): Likewise.
* stdio-common/perror.c: Likewise.
* stdio-common/vfprintf.c: Likewise.
1998-04-10 Mark Kettenis <kettenis@phys.uva.nl>
* sysdeps/unix/sysv/linux/Makefile [$(subdir)=inet]
(sysdep_headers): Add netatalk/at.h.
1998-04-12 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* manual/socket.texi, manual/creature.texi, manual/time.texi:
Formatting fixes.
1998-04-13 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* posix/regex.c: Rename __re_syntax_options back to
re_syntax_options, aliases do not work with global variables due
to copy relocations.
(regex_compile): Use syntax parameter instead of
re_syntax_options.
1998-04-14 Andreas Jaeger <aj@arthur.rhein-neckar.de>
* configure.in: Document that enable-force-install is default.
1998-04-08 20:06 Ulrich Drepper <drepper@cygnus.com>
* iconv/gconv_conf.c (__gconv_read_conf): Use __realpath not realpath.
* iconv/gconv_db.c: Use __ protected regex functions.
* iconv/gconv_simple.c: Use __mbsinit not mbsinit.
* posix/getopt_init.c: Use __getpid not getpid.
* posix/regex.c: Rename all global functions to start with __ and
make old names weak aliases.
* posix/regex.h: Adopt prototypes for this.
* stdlib/canonicalize.c: Define __realpath, make canonicalize_file_name
a weak alias and use __getcwd instead of getcwd.
* stdlib/stdlib.h: Declare __realpath and __canonicalize_file_name.
* stdlib/strtod.c: Use __btowc instead of btowc.
* stdlib/strtol.c: Likewise.
* sysdeps/libm-ieee754/s_matherr.c: Weaken definition of matherr.
* sysdeps/unix/sysv/linux/errlist.c: Make sure definitions of sys_nerr
and sys_errlist are weak.
* wcsmbs/btowc.c: Define function as __btowc and make btowc weak alias.
* wcsmbs/mbrtowc.c: Use __mbsinit not mbsinit.
* wcsmbs/mbsnrtowcs.c: Likewise.
* wcsmbs/mbsrtowcs.c: Likewise.
* wcsmbs/wcsnrtombs.c: Likewise.
* wcsmbs/wcsrtombs.c: Likewise.
* wcsmbs/mbsinit.c: Define function as __mbsinit and make mbsinit
weak alias.
* wcsmbs/wchar.h: Declare __btowc and __mbsinit.
* wctype/wctype.c: Define function as __wctype and make wctype
weak alias.
* wctype/wctype.h: Declare __wctype.
Sat Dec 7 03:24:36 1996 Ulrich Drepper <drepper@cygnus.com>
* configure.in: Discard error message from test in test for
bash-2.0.
* io/getpw.c: Don't apply getcwd on user supplied buffer.
Instead always use temporary buffer and only copy the result.
Patch by HJ Lu.
* stdlib/canonicalize.c: Likewise.
* libio/fileops.c: Change comments according to libg++2.8b5.
* libio/iosetvbuf.c: Follow change in libg++-2.8b5 to clear
unbuffered flag.
Reported by HJ Lu.
* manual/nss.texi: Correct prototypes.
* misc/syslog.c: Make reentrant. Catch SIGPIPE signal to prevent
crash if syslog daemon is restarted.
* stdlib/rand_r.c: New file. Implementation of POSIX.2 function
rand_r.
* stdlib/Makefile (routines): Add rand_r.
* sysdeps/stub/libc-lock.h: Define __libc_lock_trylock and
__libc_mutex_lock.
* configure.in: Add --disable-sanity-check option.
* sysdeps/unix/sysv/linux/configure.in: If linuxthreads or
des-crypt are not available and --disbale-sanity-check is not
given abort with a message.
Thu Dec 5 19:19:53 1996 Richard Henderson <rth@tamu.edu>
* posix/glob.c: Tests against STDC_HEADERS should also test
__GNU_LIBRARY__.
Thu Dec 5 16:20:55 1996 Ulrich Drepper <drepper@cygnus.com>
* misc/err.c (vwarn): Set errno again before using %m format.
Thu Dec 5 10:14:05 1996 Andreas Jaeger <aj@arthur.pfalz.de>
* grp/grp.h: Add declaration of __getgrent_r.
* io/fts.c (fts_build): Remove "register" from variables dirbuf
and dp since their address is needed.
* sysdeps/posix/getcwd.c (__getcwd): Remove "register" from
variable d since d's address is needed.
* misc/tst-dirname.c (main): Provide prototype.
* misc/ioctltst.c (main): Dito.
* Makefile: Add gnu/lib-names.h to install-others before including
Makerules.
Wed Dec 4 16:00:09 1996 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/sys/socketvar.h: New file. Simply use
<sys/socket.h>.
* sysdeps/unix/sysv/linux/Dist: Add sys/socketvar.h.
* sysdeps/unix/sysv/linux/Makefile [$(subdir)=inet)]: Add
sys/socketvar.h to sysdep_headers.
since the value might be outside the range of the `long int'.