From owner-freebsd-bugs Thu Jun 19 23:10:09 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id XAA14014 for bugs-outgoing; Thu, 19 Jun 1997 23:10:09 -0700 (PDT) Received: (from gnats@localhost) by hub.freebsd.org (8.8.5/8.8.5) id XAA13999; Thu, 19 Jun 1997 23:10:05 -0700 (PDT) Resent-Date: Thu, 19 Jun 1997 23:10:05 -0700 (PDT) Resent-Message-Id: <199706200610.XAA13999@hub.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, shigio@wafu.netgate.net Received: from wafu.netgate.net (wafu.netgate.net [204.145.147.80]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA13635 for ; Thu, 19 Jun 1997 23:02:17 -0700 (PDT) Received: from chiota.signet.or.jp (INS9.tama.dtinet.or.jp [203.181.77.9]) by wafu.netgate.net (8.7.5/8.7.3) with ESMTP id WAA10618; Thu, 19 Jun 1997 22:06:03 GMT Received: (from shigio@localhost) by chiota.signet.or.jp (8.8.5/) id OAA00927; Fri, 20 Jun 1997 14:59:13 +0900 (JST) Message-Id: <199706192206.WAA10618@wafu.netgate.net> Date: Fri, 20 Jun 1997 14:59:13 +0900 (JST) From: shigio@wafu.netgate.net Reply-To: shigio@wafu.netgate.net To: FreeBSD-gnats-submit@FreeBSD.ORG Cc: shigio@wafu.netgate.net X-Send-Pr-Version: 3.2 Subject: misc/3911: realpath(3) fall into infinit loop. Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >Number: 3911 >Category: misc >Synopsis: realpath(3) fall into infinit loop. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jun 19 23:10:03 PDT 1997 >Last-Modified: >Originator: Shigio Yamaguchi >Organization: Freelance programmer >Release: FreeBSD 2.2.1-RELEASE i386 >Environment: All environment >Description: Realpath fall into infinit loop when encounter looped symbolic link. It should break when over MAXSYMLINKS symbolic links are encountered like system calls. >How-To-Repeat: [test.c] ----------------------------------------------------- #include #include #include #include main() { char buf[MAXPATHLEN]; char *p; printf("You can see this message.\n"); p = realpath("a", buf); printf("You cannot see this message.\n"); if (p == NULL) { printf("errno = %d\n", errno); perror("realpath"); exit(1); } printf("%s\n", p); exit(0); } ----------------------------------------------------- % cc test.c % ln -s a b % ln -s b a % ./a.out You can see this message. ... doesn't return ... >Fix: [/usr/src/lib/libc/stdlib/realpath.c] *** realpath.c.org Wed May 21 22:27:22 1997 --- realpath.c Fri Jun 20 14:51:08 1997 *************** *** 62,67 **** --- 62,68 ---- struct stat sb; int fd, n, rootd, serrno; char *p, *q, wbuf[MAXPATHLEN]; + int symlinks = 0; /* Save the starting point. */ if ((fd = open(".", O_RDONLY)) < 0) { *************** *** 100,105 **** --- 101,110 ---- /* Deal with the last component. */ if (*p != '\0' && lstat(p, &sb) == 0) { if (S_ISLNK(sb.st_mode)) { + if (++symlinks > MAXSYMLINKS) { + errno = ELOOP; + goto err1; + } n = readlink(p, resolved, MAXPATHLEN); if (n < 0) goto err1; >Audit-Trail: >Unformatted: