From: Soeren D. S. <soe...@gm...> - 2005-12-14 14:37:50
Sam Steingold wrote:
> I took a different path - in line with existing code in unix.d
> thanks for reporting the bug.

Sorry for replying so late...

I think your path introduces a security issue: realpath does not notice that MAXPATHLEN is defined in the code; it still assumes that it acts on a system without any limits. So if the path is longer than MAXPATHLEN, a buffer overflow might occur.

However, I will check other uses of MAXPATHLEN and try to fix them in compliance with the GNU coding standards, which definitely prohibit artificial limitations. The definition of MAXPATHLEN in unix.d might introduce yet other security issues. Those fixes will not touch the existing code in a non-trivial way, as MAXPATHLEN is a system limitation and it is safe to work with if it is actually imposed by the system.

GNU libc provides features that work without artificial limits conveniently (as realpath() accepting NULL as I used in my patch). I am, however, unsure about other systems that might not define MAXPATHLEN but work in a different way here. Perhaps individual configure checks are the right way to examine this, even though I am not aware of any platform that might cause problems.

Defining MAXPATHLEN on one's own is probably never a clean fix. It is even a bit dangerous because it hides the problems instead of fixing them.

I will send you the patch when it is done.

Sören
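
Added example, not part of the original message or of the project's code: one way to keep a caller's fixed-size buffer while letting realpath() allocate its own result, so the length is checked before any byte is copied. The helper name resolve_into and the buffer sizes are hypothetical; it assumes a libc whose realpath() accepts NULL (POSIX.1-2008, GNU libc).

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath() with a NULL buffer is POSIX.1-2008 */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: canonicalise `path` into a caller-owned buffer of
   `outsize` bytes. realpath() allocates the result itself, so the length
   is checked before anything is written to `out`.
   Returns 0 on success, -1 with errno set on failure. */
int resolve_into(const char *path, char *out, size_t outsize)
{
    char *resolved = realpath(path, NULL);   /* malloc'd by libc */
    if (resolved == NULL)
        return -1;                           /* errno set by realpath() */

    size_t need = strlen(resolved) + 1;      /* include the terminating NUL */
    if (need > outsize) {
        free(resolved);
        errno = ENAMETOOLONG;                /* report, never truncate */
        return -1;
    }
    memcpy(out, resolved, need);
    free(resolved);
    return 0;
}

int main(void)
{
    char small[1], big[4096];                /* constructed buffer sizes */

    if (resolve_into("/./.", small, sizeof small) != 0)
        perror("1-byte buffer");             /* "/" needs 2 bytes */
    if (resolve_into("/./.", big, sizeof big) == 0)
        printf("resolved: %s\n", big);
    return 0;
}
```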