Date: Thu, 18 May 2017 05:12:15 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-security@FreeBSD.org Subject: [Bug 219154] [PATCH] buffer overflows in realpath(3) Message-ID: <bug-219154-5710-Fcgp7C8LoS@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-219154-5710@https.bugs.freebsd.org/bugzilla/> References: <bug-219154-5710@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219154 --- Comment #7 from Jan Kokem=C3=BCller <jan.kokemueller@gmail.com> --- Created attachment 182684 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D182684&action= =3Dedit More tests for realpath(3) Here is a patch that adds 'lib/libc/tests/gen/realpath2_test.c'. The first test triggers the out of bounds read of the 'left' array. It only fails when realpath.c is compiled with '-fsanitize=3Daddress' so I'm not su= re how useful this test is. I didn't manage to read more than one byte beyond the buffer or trigger some visible faulty behavior. The other test checks for ENOENT when running into an empty symlink. This matches NetBSD's realpath(3) semantics. Previously, empty symlinks were tre= ated like ".". --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-219154-5710-Fcgp7C8LoS>