Bug 11151

Summary: overflow() at realpath
Product: uClibc
Reporter: Dhiraj <mishra.dhiraj95>
Component: Other
Assignee: unassigned
Status: NEW ---
Severity: normal
CC: uclibc-cvs
Priority: P5
Version: 0.9.33.2
Target Milestone: ---
Hardware: All
OS: Linux
Host:
Target:
Build:

Description Dhiraj 2018-07-12 16:13:10 UTC
uClibc

File: canonicalize.c line number 36

According to the documentation of realpath(), the output buffer needs to be at least of size PATH_MAX, specifying output buffers large enough to handle the maximum-size possible result from path manipulation functions. (In that instance, buf's size comes from uv__fs_pathmax_size(). That function attempts to use pathconf(path, _PC_PATH_MAX), as noted in the realpath(3) docs.)

But over here neither uv__fs_pathmax_size() nor pathconf(path, _PC_PATH_MAX) is used.

Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend() and others.
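A defensive calling pattern for the sizing rule described in the report, added here as an illustration (it is not code from the report or from uClibc): realpath() is only ever handed a PATH_MAX-sized scratch buffer, and the result is copied to the caller's buffer only if it fits. The helper name `safe_realpath` and the 4096 fallback for PATH_MAX are assumptions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose realpath() under strict -std=c99/c11 */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096       /* assumption: fallback where <limits.h> omits it */
#endif

/* Hypothetical helper: resolve `path` into `out`, which holds `outlen` bytes.
 * Returns 0 on success, -1 with errno set on failure.
 * Never writes more than `outlen` bytes to `out`. */
int safe_realpath(const char *path, char *out, size_t outlen)
{
    char scratch[PATH_MAX]; /* realpath() may write up to PATH_MAX bytes */
    size_t n;

    if (path == NULL || out == NULL || outlen == 0) {
        errno = EINVAL;
        return -1;
    }
    if (realpath(path, scratch) == NULL)
        return -1;          /* errno was set by realpath() */

    n = strlen(scratch) + 1;    /* include the terminating NUL */
    if (n > outlen) {
        errno = ERANGE;     /* too small: fail instead of truncating */
        return -1;
    }
    memcpy(out, scratch, n);
    return 0;
}

int main(void)
{
    char small[8];          /* constructed: deliberately undersized buffer */

    if (safe_realpath("/.", small, sizeof small) == 0)
        printf("resolved: %s\n", small);
    else
        perror("safe_realpath");
    return 0;
}
```

Where the platform supports POSIX.1-2008, passing NULL as the second argument to realpath() makes the library allocate the result, which removes the fixed-size buffer entirely; the caller must free() it.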