[Bug 219154] [PATCH] buffer overflows in realpath(3)

bugzilla-noreply at freebsd.org
Thu May 18 05:12:16 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219154

--- Comment #7 from Jan Kokemüller <jan.kokemueller at gmail.com> ---
Created attachment 182684
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182684&action=edit
More tests for realpath(3)

Here is a patch that adds 'lib/libc/tests/gen/realpath2_test.c'.

The first test triggers the out-of-bounds read of the 'left' array. It only
fails when realpath.c is compiled with '-fsanitize=address' so I'm not sure how
useful this test is. I didn't manage to read more than one byte beyond the
buffer or trigger some visible faulty behavior.

The other test checks for ENOENT when running into an empty symlink. This
matches NetBSD's realpath(3) semantics. Previously, empty symlinks were treated
like ".".

-- 
You are receiving this mail because:
You are the assignee for the bug.
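
The empty-symlink semantics described in the comment above can be checked on a given system with a small probe. This is an added example, not the attached realpath2_test.c or any FreeBSD code; the function name, enum values and temporary path are assumptions made for illustration. Platforms that refuse to create a symlink with an empty target (Linux returns ENOENT from symlink(2)) are reported as unsupported.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700 /* mkdtemp(3), realpath(3), symlink(2) */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical result codes for this probe. */
enum empty_link_result {
    EMPTY_LINK_UNSUPPORTED, /* symlink("") could not be created here */
    EMPTY_LINK_ENOENT,      /* realpath() failed with ENOENT */
    EMPTY_LINK_RESOLVED,    /* realpath() succeeded, link treated like "." */
    EMPTY_LINK_OTHER        /* setup failure or a different errno */
};

/* Create an empty symlink in a private temp directory and resolve it. */
enum empty_link_result check_empty_symlink(void)
{
    char dir[] = "/tmp/realpath_empty.XXXXXX"; /* constructed path */
    char link_path[PATH_MAX];
    char resolved[PATH_MAX];
    enum empty_link_result res;

    if (mkdtemp(dir) == NULL)
        return EMPTY_LINK_OTHER;
    snprintf(link_path, sizeof(link_path), "%s/empty", dir);

    if (symlink("", link_path) != 0) {
        res = EMPTY_LINK_UNSUPPORTED;
    } else {
        errno = 0;
        if (realpath(link_path, resolved) != NULL)
            res = EMPTY_LINK_RESOLVED;
        else
            res = (errno == ENOENT) ? EMPTY_LINK_ENOENT : EMPTY_LINK_OTHER;
        unlink(link_path);
    }
    rmdir(dir);
    return res;
}

int main(void)
{
    static const char *names[] = { "unsupported", "ENOENT", "resolved", "other" };
    printf("empty symlink: %s\n", names[check_empty_symlink()]);
    return 0;
}
```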

