[Libreoffice-bugs] [Bug 118514] overflow at realpath()

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Wed Jul 4 12:53:00 UTC 2018


https://bugs.documentfoundation.org/show_bug.cgi?id=118514

--- Comment #3 from Stephan Bergmann <sbergman at redhat.com> ---
(In reply to Dhiraj from comment #0)
> File:
> https://github.com/LibreOffice/core/blob/master/desktop/unx/source/start.c#L191

i.e.,

    dummy = realpath(pPath, pRealPath);

> This function does not protect against buffer overflows, and some
> implementations can overflow internally. 
> 
> Ensure that the destination buffer is at least of size MAXPATHLEN, and to
> protect against implementation problems, the input argument should also be
> checked to ensure it is no larger than MAXPATHLEN.

What is MAXPATHLEN?  What platform are you talking about?  At least SUSv4
doesn't have any such requirements on realpath(3), nor does it mention
MAXPATHLEN.

> According to the documentation of realpath() the output buffer needs to be
> at least of size PATH_MAX specifying output buffers large enough to handle
> the maximum-size possible result from path manipulation functions.

...and pRealPath is of sufficient size, see

    char pRealPath[PATH_MAX];

a few lines further up.  Or what am I missing?

-- 
You are receiving this mail because:
You are the assignee for the bug.
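
Added example, not part of the original message and not code from LibreOffice's start.c: the realpath() call discussed above, written with the POSIX.1-2008 (SUSv4) form that takes a NULL buffer and allocates the result, so the size of the result is never assumed and it is copied into the caller's buffer only if it fits. The helper name resolve_path and the sample paths are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath() with a NULL buffer is POSIX.1-2008 */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from start.c): canonicalize `path` into `out`.
 * Returns 0 on success, -1 with errno set on failure. */
int resolve_path(const char *path, char *out, size_t outlen)
{
    if (path == NULL || out == NULL || outlen == 0) {
        errno = EINVAL;
        return -1;
    }
    /* NULL second argument: realpath() mallocs a buffer of the right size,
     * so no fixed-size destination has to be assumed. */
    char *resolved = realpath(path, NULL);
    if (resolved == NULL)
        return -1;              /* errno set by realpath(): ENOENT, ENAMETOOLONG, ... */

    size_t len = strlen(resolved);
    if (len >= outlen) {        /* caller's buffer too small: refuse, do not truncate */
        free(resolved);
        errno = ERANGE;
        return -1;
    }
    memcpy(out, resolved, len + 1);   /* copy including the terminating NUL */
    free(resolved);
    return 0;
}

int main(void)
{
    char buf[PATH_MAX];         /* same sizing as pRealPath in the quoted code */
    /* Constructed sample inputs */
    const char *samples[] = { "/", ".", "/nonexistent-constructed-example" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (resolve_path(samples[i], buf, sizeof buf) == 0)
            printf("%s -> %s\n", samples[i], buf);
        else
            printf("%s -> error: %s\n", samples[i], strerror(errno));
    }
    return 0;
}
```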