Synopsis: off-by-one error in realpath(3)
NetBSD versions: 1.6.1, 1.6, 1.5.3, 1.5.2, 1.5.1, 1.5
Thanks to: Jun-ichiro itojun Hagino
Reported in NetBSD Security Advisory: NetBSD-SA2003-011


Index: lib/libc/gen/getcwd.c
===================================================================
RCS file: /cvsroot/src/lib/libc/gen/getcwd.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -c -r1.29 -r1.30
*** getcwd.c    2003/08/03 04:12:01     1.29
--- getcwd.c    2003/08/03 04:14:00     1.30
***************
*** 175,182 ****
                       goto err1;
               }
               if (rootd == 0)
!                       (void)strcat(resolved, "/"); /* XXX: strcat is safe */
!               (void)strcat(resolved, wbuf);   /* XXX: strcat is safe */
       }

       /* Go back to where we came from. */
--- 175,182 ----
                       goto err1;
               }
               if (rootd == 0)
!                       (void)strlcat(resolved, "/", MAXPATHLEN);
!               (void)strlcat(resolved, wbuf, MAXPATHLEN);
       }

       /* Go back to where we came from. */

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.