Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 Jun 1997 14:59:13 +0900 (JST)
From:      shigio@wafu.netgate.net
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Cc:        shigio@wafu.netgate.net
Subject:   misc/3911: realpath(3) fall into infinit loop.
Message-ID:  <199706192206.WAA10618@wafu.netgate.net>
Resent-Message-ID: <199706200610.XAA13999@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         3911
>Category:       misc
>Synopsis:       realpath(3) fall into infinit loop.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 19 23:10:03 PDT 1997
>Last-Modified:
>Originator:     Shigio Yamaguchi
>Organization:
Freelance programmer
>Release:        FreeBSD 2.2.1-RELEASE i386
>Environment:

	All environment

>Description:

	Realpath fall into infinit loop when encounter looped symbolic link.
	It should break when over MAXSYMLINKS symbolic links are encountered
	like system calls.

>How-To-Repeat:

	[test.c]
	-----------------------------------------------------
	#include <stdio.h>
	#include <sys/param.h>
	#include <stdlib.h>
	#include <errno.h>

	main() {
		char buf[MAXPATHLEN];
		char *p;

		printf("You can see this message.\n");
		p = realpath("a", buf);
		printf("You cannot see this message.\n");
		if (p == NULL) {
			printf("errno = %d\n", errno);
			perror("realpath");
			exit(1);
		}
		printf("%s\n", p);
		exit(0);
	}
	-----------------------------------------------------

	% cc test.c
	% ln -s a b
        % ln -s b a
	% ./a.out
	You can see this message.

	... doesn't return ...

>Fix:

	[/usr/src/lib/libc/stdlib/realpath.c]

	*** realpath.c.org      Wed May 21 22:27:22 1997
	--- realpath.c  Fri Jun 20 14:51:08 1997
	***************
	*** 62,67 ****
	--- 62,68 ----
		struct stat sb;
		int fd, n, rootd, serrno;
		char *p, *q, wbuf[MAXPATHLEN];
	+       int symlinks = 0;
	  
		/* Save the starting point. */
		if ((fd = open(".", O_RDONLY)) < 0) {
	***************
	*** 100,105 ****
	--- 101,110 ----
		/* Deal with the last component. */
		if (*p != '\0' && lstat(p, &sb) == 0) {
			if (S_ISLNK(sb.st_mode)) {
	+                       if (++symlinks > MAXSYMLINKS) {
	+                               errno = ELOOP;
	+                               goto err1;
	+                       }
				n = readlink(p, resolved, MAXPATHLEN);
				if (n < 0)
					goto err1;
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706192206.WAA10618>