bin/60079: realpath(3) accepts zero size symbolic links

dada at sbox.tugraz.at
Tue Dec 9 07:00:40 PST 2003


>Number:         60079
>Category:       bin
>Synopsis:       realpath(3) accepts zero size symbolic links
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 09 07:00:35 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Martin Kammerhofer
>Release:        FreeBSD 4.9-STABLE i386
>Organization:
Graz University
>Environment:
System: FreeBSD Martin.liebt.Susi 4.9-STABLE FreeBSD 4.9-STABLE #0: Thu Nov 20
21:46:53 CET 2003 toor at Martin.liebt.Susi:/usr/obj/usr/src/sys/LEND4 i386
	Applies to -current and -stable.
>Description:
	The libc realpath(3) routine accepts zero size symbolic links
	without returning any error indication. Since namei(9) will
	never accept such a path this behaviour is misleading and
	could confuse applications.

	BTW Revision 1.13 of src/lib/libc/stdlib/realpath.3 needs a
	MFC.
>How-To-Repeat:
	/var/tmp$ ln -s "" ZEROLINK
	/var/tmp$ realpath ZEROLINK
	/var/tmp
	/var/tmp$ realpath ZEROLINK/vi.recover
	/var/tmp/vi.recover
>Fix:
--- src/lib/libc/stdlib/realpath.c.orig	Tue Dec  9 12:48:48 2003
+++ src/lib/libc/stdlib/realpath.c	Tue Dec  9 12:52:27 2003
@@ -149,11 +149,14 @@
 				return (NULL);
 			}
 			slen = readlink(resolved, symlink, sizeof(symlink) - 1);
-			if (slen < 0)
+			if (slen <= 0) {
+				if (slen == 0)
+					errno = ENOENT;
 				return (NULL);
+			}
 			symlink[slen] = '\0';
 			if (symlink[0] == '/') {
-				resolved[1] = 0;
+				resolved[1] = '\0';
 				resolved_len = 1;
 			} else if (resolved_len > 1) {
 				/* Strip the last path component. */
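Review bot: the new `if (slen == 0) errno = ENOENT;` branch carries no comment explaining why a zero-length link target is treated as a missing path. A one-line comment above it, saying that namei(9) never accepts an empty symlink and that realpath() now fails the same way, would keep a later reader from "simplifying" the test back to `slen < 0`. The diff touches only realpath.c, so this new failure case also goes undocumented in the manual page; please add it to realpath.3 in the same change. Separately, the `resolved[1] = 0` to `resolved[1] = '\0'` edit is a style cleanup unrelated to the fix and would be easier to review and merge as its own commit.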

>Release-Note:
>Audit-Trail:
>Unformatted:

