Verified Commit 67c71aab authored by Tommaso Tocci's avatar Tommaso Tocci

fix buffer overflow: readlink write

readlink writes at most PATH_MAX bytes, so we also need to support the
worst-case scenario in which all of those bytes are written.
parent a9b4c16b
+4 −3
#include <vector>
#include <string>
#include <sys/stat.h>
#include <limits.h>
#include <cassert>

#include "global/path_util.hpp"
@@ -141,13 +142,13 @@ unsigned int path_match_components(const std::string& path, unsigned int &path_c
                if (!resolve_last_link && end == path.size()) {
                    continue;
                }
                char link_resolved[PATH_MAX_LEN];
                if (LIBC_FUNC(realpath, resolved.c_str(), link_resolved) == nullptr) {
                auto link_resolved = std::unique_ptr<char[]>(new char[PATH_MAX]);
                if (LIBC_FUNC(realpath, resolved.c_str(), link_resolved.get()) == nullptr) {
                    CTX->log()->error("{}() Failed to get realpath for link '{}'. Error: {}", __func__, resolved, strerror(errno));
                    throw std::runtime_error("Failed to get realpath for link '" + resolved + "'. Error: " + strerror(errno));
                }
                // substituute resolved with new link path
                resolved = link_resolved;
                resolved = link_resolved.get();
                matched_components = path_match_components(resolved, resolved_components, mnt_components);
                // set matched counter to value coherent with the new path
                last_slash_pos = resolved.find_last_of(PSP);
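Review bot: In the failure branch, `strerror(errno)` is evaluated a second time for the exception message after `CTX->log()->error(...)` has already run, and the logging call may overwrite errno, so the thrown text can name the wrong error; saving it first with `const int err = errno;` and using `strerror(err)` in both places avoids that. The new `std::unique_ptr<char[]>` also depends on `<memory>`, which is not among the includes visible in this section and presumably arrives transitively; adding `#include <memory>` would make that explicit. The PATH_MAX-sized buffer matches what realpath() requires for a caller-supplied output buffer, and any other PATH_MAX_LEN-sized buffers handed to libc path calls outside this hunk would deserve the same check. The enclosing function starts and ends outside the hunk.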