get_current_working_directory buffer overflow
From: Tobias Stoeckmann
Subject: get_current_working_directory buffer overflow
Date: Sun, 21 Jun 2015 12:26:39 +0200

The function get_current_working_directory retrieves the current
working directory by calling getcwd() or, if that fails, by reading
the environment variable PWD.
In either case, get_current_working_directory verifies that the path
ends with a slash. If not, it will append it.
Unfortunately, get_current_working_directory doesn't check if there
is enough space to add a trailing slash. This could lead to a buffer
overflow of one character if the path is 255 characters long.
This quick and simple fix just verifies that the path is at most 254
characters long. But in general I would recommend using a dynamically
allocated array.
--- which-2.21/which.c~ 2015-06-21 11:53:10.569495520 +0200
+++ which-2.21/which.c 2015-06-21 11:56:30.490904503 +0200
@@ -170,10 +170,10 @@
if (cwdlen)
return;
- if (!getcwd(cwd, sizeof(cwd)))
+ if (!getcwd(cwd, sizeof(cwd) - 1))
{
const char *pwd = getenv("PWD");
- if (pwd && strlen(pwd) < sizeof(cwd))
+ if (pwd && strlen(pwd) < sizeof(cwd) - 1)
strcpy(cwd, pwd);
}
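Review bot: the "- 1" in the getcwd() size argument and again in the strlen(pwd) comparison is an unexplained magic number, and the two have to stay in step. A short comment at both lines saying that one byte is reserved for the trailing slash appended afterwards, or a single named constant for the usable length, would keep a later edit from restoring sizeof(cwd) in one of them. Within the lines shown, nothing handles getcwd() failing while PWD is unset or too long, so it is worth confirming that the code after this block copes with cwd left unfilled.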
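
The append step described in the message, as an added example that is not code from which or from the patch author: a bounded helper that refuses to write the slash when the buffer has no room for it and the terminator. The names ensure_trailing_slash and try_path_of_length and the 256-byte CWD_BUF are assumptions made for illustration, and the sample paths are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size, chosen to match the 255-character case in the report. */
#define CWD_BUF 256

/* Append a trailing '/' to the path in buf (capacity bufsize) if it is missing.
 * Returns 0 on success, -1 if the path is unterminated, empty, or there is
 * no room for the slash plus the NUL terminator. buf is untouched on failure. */
int ensure_trailing_slash(char *buf, size_t bufsize)
{
    const char *nul = memchr(buf, '\0', bufsize);
    if (nul == NULL)
        return -1;                      /* not NUL-terminated within bufsize */

    size_t len = (size_t)(nul - buf);
    if (len == 0)
        return -1;                      /* nothing to terminate with a slash */
    if (buf[len - 1] == '/')
        return 0;                       /* already ends with a slash */
    if (len + 2 > bufsize)
        return -1;                      /* need len chars + '/' + NUL */

    buf[len] = '/';
    buf[len + 1] = '\0';
    return 0;
}

/* Constructed input: a path of n characters ("/aaa...") in a CWD_BUF-sized
 * buffer. Returns the helper's result, or -2 if n cannot fit at all. */
int try_path_of_length(size_t n)
{
    char buf[CWD_BUF];
    if (n == 0 || n >= sizeof(buf))
        return -2;
    memset(buf, 'a', n);
    buf[0] = '/';
    buf[n] = '\0';
    return ensure_trailing_slash(buf, sizeof(buf));
}

int main(void)
{
    printf("254 chars: %d\n", try_path_of_length(254));  /* fits */
    printf("255 chars: %d\n", try_path_of_length(255));  /* rejected */
    return 0;
}
```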