Date: Wed, 16 Oct 1996 18:39:30 -0500 (CDT)
From: karl@mcs.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/1826: Bug in libc/gen/getcwd.c - null missing on end of string
Message-ID: <199610162339.SAA02876@Codebase.mcs.net>
Resent-Message-ID: <199610162340.QAA15577@freefall.freebsd.org>

>Number:         1826
>Category:       bin
>Synopsis:       A null byte is not being added on the end of current directory
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 16 16:40:01 PDT 1996
>Last-Modified:
>Originator:     Karl
>Organization:   MCSNet
>Release:        FreeBSD 2.2-961004-SNAP i386
>Environment:

libc.so problem; present in 2.2-961004-SNAP and likely up to now

>Description:

The getcwd() routine builds a string of parent directories (ie: "../") as it walks up the directory structure. When the "/" is added on, a null is not -- the buffer is malloc'd and as such is NOT guaranteed to be full of nulls!

We should guarantee that the string being opened (opendir()) is in fact null terminated.

>How-To-Repeat:

Instrument getcwd() and trace what it tries to open under all conditions. You'll see random buffer data present.

>Fix:

Index: getcwd.c =================================================================== RCS file: /usr/cvs/src/lib/libc/gen/getcwd.c,v retrieving revision 1.6 diff -r1.6 getcwd.c 156a157 > *bup = 0; /* KSD 10/16/96 - Null was missing here ! */

--
Karl Denninger karl@mcs.net

>Audit-Trail:
>Unformatted:
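
Review bot: The line added at 157, `*bup = 0;`, stores one more byte through `bup`, but this context-free `diff -r1.6` output does not show whether the malloc'd buffer was sized to hold a terminator at that position. Please confirm that the size check ahead of this point leaves room for it, and resubmit as a context or unified diff so the surrounding lines are visible. Two smaller points on the same line: `'\0'` reads more clearly than `0` for a string terminator, and the initials and date in the comment belong in the commit log, while the comment itself would be more useful if it said why the store is needed (the path is handed to opendir() and must be terminated).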
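
A simplified model of the failure described in this report, added here as an example; it is not the FreeBSD libc source. The function names, the `FILL` byte that stands in for stale heap contents, and the buffer sizes are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FILL 'X'   /* constructed stand-in for stale, non-zero heap data */

/* Hypothetical model of the parent-path builder: append "../" `depth`
 * times into a buffer that, like malloc'd memory, is not zero-filled.
 * When `terminate` is nonzero a NUL is stored after every '/', which is
 * what the proposed one-line fix does. Caller frees the result. */
char *build_parent_path(size_t depth, int terminate, size_t bufsize)
{
    if (bufsize < depth * 3 + 1)
        return NULL;                  /* room for the terminator as well */
    char *buf = malloc(bufsize);
    if (buf == NULL)
        return NULL;
    memset(buf, FILL, bufsize - 1);   /* simulate leftover data */
    buf[bufsize - 1] = '\0';          /* keeps this demo itself in bounds */

    char *p = buf;
    for (size_t i = 0; i < depth; i++) {
        *p++ = '.';
        *p++ = '.';
        *p++ = '/';
        if (terminate)
            *p = '\0';                /* the fix: terminate after the slash */
    }
    return buf;
}

/* Length that a C-string consumer such as opendir() would read. */
size_t seen_length(size_t depth, int terminate, size_t bufsize)
{
    char *buf = build_parent_path(depth, terminate, bufsize);
    if (buf == NULL)
        return (size_t)-1;
    size_t n = strlen(buf);
    free(buf);
    return n;
}

int main(void)
{
    printf("without NUL: consumer reads %zu bytes\n", seen_length(2, 0, 32));
    printf("with NUL:    consumer reads %zu bytes\n", seen_length(2, 1, 32));
    return 0;
}
```

In real malloc'd memory there is no guard byte at the end of the buffer, so the unterminated case reads until it happens to meet a zero byte, possibly past the allocation.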