glibc/io/Makefile
Dmitry V. Levin 52a713fdd0 linux: make getcwd(3) fail if it cannot obtain an absolute path [BZ #22679]
Currently getcwd(3) can succeed without returning an absolute path
because the underlying getcwd syscall, starting with linux commit
v2.6.36-rc1~96^2~2, may succeed without returning an absolute path.

This is a conformance issue because "The getcwd() function shall
place an absolute pathname of the current working directory
in the array pointed to by buf, and return buf".

This is also a security issue because a non-absolute path returned
by getcwd(3) causes a buffer underflow in realpath(3).

Fix this by checking the path returned by getcwd syscall and falling
back to generic_getcwd if the path is not absolute, effectively making
getcwd(3) fail with ENOENT.  The error code is chosen for consistency
with the case when the current directory is unlinked.

[BZ #22679]
CVE-2018-1000001
* sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to
generic_getcwd if the path returned by getcwd syscall is not absolute.
* io/tst-getcwd-abspath.c: New test.
* io/Makefile (tests): Add tst-getcwd-abspath.
2018-01-12 14:49:49 +00:00

125 lines
4.6 KiB
Makefile

# Copyright (C) 1992-2018 Free Software Foundation, Inc.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# The GNU C Library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with the GNU C Library; if not, see
# <http://www.gnu.org/licenses/>.
#
# Sub-makefile for I/O portion of the library.
#
subdir := io
include ../Makeconfig
headers := sys/stat.h bits/stat.h sys/statfs.h bits/statfs.h sys/vfs.h \
sys/statvfs.h bits/statvfs.h fcntl.h sys/fcntl.h bits/fcntl.h \
poll.h sys/poll.h bits/poll.h bits/fcntl2.h bits/poll2.h \
utime.h ftw.h fts.h sys/sendfile.h
routines := \
utime \
mkfifo mkfifoat \
stat fstat lstat stat64 fstat64 lstat64 fstatat fstatat64 \
xstat fxstat lxstat xstat64 fxstat64 lxstat64 \
mknod mknodat xmknod xmknodat \
fxstatat fxstatat64 \
statfs fstatfs statfs64 fstatfs64 \
statvfs fstatvfs statvfs64 fstatvfs64 \
umask chmod fchmod lchmod fchmodat \
mkdir mkdirat \
open open_2 open64 open64_2 openat openat_2 openat64 openat64_2 \
read write lseek lseek64 access euidaccess faccessat \
fcntl flock lockf lockf64 \
close dup dup2 dup3 pipe pipe2 \
creat creat64 \
chdir fchdir \
getcwd getwd getdirname \
chown fchown lchown fchownat \
ttyname ttyname_r isatty \
link linkat symlink symlinkat readlink readlinkat \
unlink unlinkat rmdir \
ftw ftw64 fts fts64 poll ppoll \
posix_fadvise posix_fadvise64 \
posix_fallocate posix_fallocate64 \
sendfile sendfile64 copy_file_range \
utimensat futimens
# These routines will be omitted from the libc shared object.
# Instead the static object files will be included in a special archive
# linked against when the shared library will be used.
static-only-routines = stat fstat lstat stat64 fstat64 lstat64 \
fstatat fstatat64 mknod mknodat
others := pwd
test-srcs := ftwtest
tests := test-utime test-stat test-stat2 test-lfs tst-getcwd \
tst-fcntl bug-ftw1 bug-ftw2 bug-ftw3 bug-ftw4 tst-statvfs \
tst-openat tst-unlinkat tst-fstatat tst-futimesat \
tst-renameat tst-fchownat tst-fchmodat tst-faccessat \
tst-symlinkat tst-linkat tst-readlinkat tst-mkdirat \
tst-mknodat tst-mkfifoat tst-ttyname_r bug-ftw5 \
tst-posix_fallocate tst-posix_fallocate64 \
tst-fts tst-fts-lfs tst-open-tmpfile \
tst-copy_file_range tst-getcwd-abspath \
# This test includes the compat implementation of copy_file_range,
# which uses internal, unexported libc functions.
tests-static += tst-copy_file_range-compat
tests-internal += tst-copy_file_range-compat
ifeq ($(run-built-tests),yes)
tests-special += $(objpfx)ftwtest.out
endif
include ../Rules
CFLAGS-open.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-open64.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-creat.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-creat64.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-fcntl.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-poll.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-ppoll.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-lockf.c += -fexceptions
CFLAGS-statfs.c += -fexceptions
CFLAGS-fstatfs.c += -fexceptions
CFLAGS-statvfs.c += -fexceptions
CFLAGS-fstatvfs.c += -fexceptions
CFLAGS-fts.c += -Wno-uninitialized $(uses-callbacks) -fexceptions
CFLAGS-fts64.c += -Wno-uninitialized $(uses-callbacks) -fexceptions
CFLAGS-ftw.c += $(uses-callbacks) -fexceptions
CFLAGS-ftw64.c += $(uses-callbacks) -fexceptions
CFLAGS-lockf.c += -fexceptions
CFLAGS-posix_fallocate.c += -fexceptions
CFLAGS-posix_fallocate64.c += -fexceptions
CFLAGS-fallocate.c += -fexceptions
CFLAGS-fallocate64.c += -fexceptions
CFLAGS-read.c += -fexceptions
CFLAGS-write.c += -fexceptions
CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE
test-stat2-ARGS = Makefile . $(objpfx)test-stat2
tst-statvfs-ARGS = $(objpfx)tst-statvfs tst-statvfs.c /tmp
tst-open-tmpfile-ARGS = --test-dir=$(objpfx)
ifeq ($(run-built-tests),yes)
$(objpfx)ftwtest.out: ftwtest-sh $(objpfx)ftwtest
$(SHELL) $< $(common-objpfx) '$(test-program-cmd)' > $@; \
$(evaluate-test)
endif