Verified Commit 56b26002 authored by Tommaso Tocci's avatar Tommaso Tocci
Browse files

fix buffer overflow: readlink write 

readlink write at most PATH_MAX, thus we need to support also the worst case
scenario in which all the bytes are written.
parent e6a7efa6

ifs/src/preload/resolve.cpp

+2 −1
Original line number Diff line number Diff line 
#include <vector>

#include <string>

#include <sys/stat.h>

#include <limits.h>

#include <cassert>

#include <libsyscall_intercept_hook_point.h>
@@ -111,7 +112,7 @@ bool resolve_path (const std::string& path, std::string& resolved, bool resolve_ 
                if (!resolve_last_link && end == path.size()) {

                    continue;

                }

                char link_resolved[st.st_size + 1];

                char * link_resolved = new char[PATH_MAX];

                if (realpath(resolved.c_str(), link_resolved) == nullptr) {

                    CTX->log()->error("{}() Failed to get realpath for link '{}'. Error: {}", __func__, resolved, strerror(errno));

                    resolved.append(path, end, std::string::npos);