mirror of
https://sourceware.org/git/glibc.git
synced 2025-01-16 13:44:14 +00:00
52a713fdd0
Currently getcwd(3) can succeed without returning an absolute path because the underlying getcwd syscall, starting with linux commit v2.6.36-rc1~96^2~2, may succeed without returning an absolute path.

This is a conformance issue because "The getcwd() function shall place an absolute pathname of the current working directory in the array pointed to by buf, and return buf".

This is also a security issue because a non-absolute path returned by getcwd(3) causes a buffer underflow in realpath(3).

Fix this by checking the path returned by getcwd syscall and falling back to generic_getcwd if the path is not absolute, effectively making getcwd(3) fail with ENOENT. The error code is chosen for consistency with the case when the current directory is unlinked.

[BZ #22679]
CVE-2018-1000001
* sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to generic_getcwd if the path returned by getcwd syscall is not absolute.
* io/tst-getcwd-abspath.c: New test.
* io/Makefile (tests): Add tst-getcwd-abspath.
/* Determine current working directory. Linux version.
   Copyright (C) 1997-2018 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper <drepper@cygnus.com>, 1997.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <http://www.gnu.org/licenses/>. */
#include <assert.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/param.h>
#include <sysdep.h>
#include <sys/syscall.h>
/* If we compile the file for use in ld.so we don't need the feature
   that getcwd() allocates the buffers itself.

   Defining NO_ALLOCATION compiles out every malloc/realloc/free path in
   __getcwd below, together with the EINVAL check for a non-null buffer
   of size 0, so in that build the caller's buffer and size are passed
   to the system call exactly as given. */
#if IS_IN (rtld)
# define NO_ALLOCATION 1
#endif
/* The "proc" filesystem provides an easy method to retrieve the value.
   For each process, the corresponding directory contains a symbolic link
   named `cwd'. Reading the content of this link immediately gives us the
   information. But we have to take care for systems which do not have
   the proc filesystem mounted. Use the POSIX implementation in this case.

   NOTE(review): __getcwd below issues the getcwd system call and never
   reads /proc, so the paragraph above looks stale -- confirm and update.

   generic_getcwd is the fallback used by __getcwd. Only the prototype
   is given here; the definition is produced by the #include of
   <sysdeps/posix/getcwd.c> at the end of this file. */
static char *generic_getcwd (char *buf, size_t size);
/* Return the absolute pathname of the current working directory.

   BUF and SIZE follow the getcwd(3) interface. Unless NO_ALLOCATION is
   defined, a null BUF makes this function allocate the buffer with
   malloc: SIZE bytes when SIZE is nonzero, otherwise
   MAX (PATH_MAX, __getpagesize ()) bytes. A non-null BUF combined with
   SIZE == 0 fails with EINVAL.

   The getcwd system call is tried first and its result is accepted only
   when it is positive and the returned string starts with '/'. Any
   other non-negative result, and an ENAMETOOLONG failure, are handed to
   generic_getcwd. Every other failure returns NULL after releasing a
   buffer this function allocated.

   Returns the buffer holding the path, or NULL on failure. */
char *
__getcwd (char *buf, size_t size)
{
  char *path;
  char *result;

#ifndef NO_ALLOCATION
  size_t alloc_size = size;
  if (size == 0)
    {
      /* A caller-supplied buffer of size 0 cannot hold anything. */
      if (buf != NULL)
        {
          __set_errno (EINVAL);
          return NULL;
        }

      /* The caller left the size to us (BUF is null here). */
      alloc_size = MAX (PATH_MAX, __getpagesize ());
    }

  if (buf == NULL)
    {
      path = malloc (alloc_size);
      if (path == NULL)
        return NULL;
    }
  else
  /* The `else' above binds to the `path = buf;' statement after the
     #endif; that statement is the only one left in the NO_ALLOCATION
     build. */
#else
  /* Without allocation support the syscall is given SIZE directly.
     This macro is not undefined again, so it stays in effect for the
     rest of the translation unit. */
# define alloc_size size
#endif
    path = buf;

  int retval;

  retval = INLINE_SYSCALL (getcwd, 2, path, alloc_size);
  /* Accept the syscall result only if it is an absolute path. The
     syscall may succeed without returning one, and a non-absolute path
     returned by getcwd(3) causes a buffer underflow in realpath(3)
     (BZ #22679, CVE-2018-1000001). Keep the leading-'/' test when
     touching this condition. */
  if (retval > 0 && path[0] == '/')
    {
#ifndef NO_ALLOCATION
      /* RETVAL is used as the number of bytes to keep; presumably it
         counts the terminating NUL -- confirm against the kernel
         interface. */
      if (buf == NULL && size == 0)
        /* Ensure that the buffer is only as large as necessary. */
        buf = realloc (path, (size_t) retval);

      if (buf == NULL)
        /* Either buf was NULL all along, or `realloc' failed but
           we still have the original string. */
        buf = path;
#endif

      return buf;
    }

  /* The system call either cannot handle paths longer than a page
     or can succeed without returning an absolute path. Just use the
     generic implementation right away. */
  if (retval >= 0 || errno == ENAMETOOLONG)
    {
#ifndef NO_ALLOCATION
      /* We chose the buffer size ourselves: drop that buffer and call
         the generic code with (NULL, 0). Presumably it then allocates
         its own buffer -- confirm in sysdeps/posix/getcwd.c. */
      if (buf == NULL && size == 0)
        {
          free (path);
          path = NULL;
        }
#endif

      result = generic_getcwd (path, size);

#ifndef NO_ALLOCATION
      /* PATH was allocated here with the caller's explicit SIZE and the
         generic code failed, so nobody else will release it. */
      if (result == NULL && buf == NULL && size != 0)
        free (path);
#endif

      return result;
    }

  /* It should never happen that the `getcwd' syscall failed because
     the buffer is too small if we allocated the buffer ourselves
     large enough. */
  assert (errno != ERANGE || buf != NULL || size != 0);

#ifndef NO_ALLOCATION
  /* A null BUF means PATH came from malloc above; release it before
     reporting the failure. */
  if (buf == NULL)
    free (path);
#endif

  return NULL;
}
/* Make getcwd a weak alias of __getcwd. This has to stay above the
   #define of __getcwd below, which renames every later use of that
   identifier. */
weak_alias (__getcwd, getcwd)

/* Get the code for the generic version.

   The macro below renames the __getcwd defined by the included file to
   generic_getcwd, which matches the static prototype declared before
   __getcwd in this file. GETCWD_RETURN_TYPE is presumably consumed by
   the included file to give that definition static linkage -- confirm
   there.

   NOTE(review): in the NO_ALLOCATION build the alloc_size macro defined
   inside __getcwd is still in effect while this file is included;
   verify that the generic code uses no identifier of that name. */
#define GETCWD_RETURN_TYPE static char *
#define __getcwd generic_getcwd
#include <sysdeps/posix/getcwd.c>