picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

path-util: introduce new safe_getcwd() wrapper 

It's like get_current_dir_name() but protects us from
CVE-2018-1000001-style exploits:

https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
This commit is contained in:
Lennart Poettering 2018-01-17 11:16:31 +01:00
parent cddd2ce106
commit a2556d25ae
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/basic/path-util.c
View File

@ -90,6 +90,24 @@ char *path_make_absolute(const char *p, const char *prefix) {
return strjoin(prefix, "/", p);
}
int safe_getcwd(char **ret) {
char *cwd;
cwd = get_current_dir_name();
if (!cwd)
return negative_errno();
/* Let's make sure the directory is really absolute, to protect us from the logic behind
* CVE-2018-1000001 */
if (cwd[0] != '/') {
free(cwd);
return -ENOMEDIUM;
}
*ret = cwd;
return 0;
}
int path_make_absolute_cwd(const char *p, char **ret) {
char *c;

1
src/basic/path-util.h
View File

@ -41,6 +41,7 @@ bool is_path(const char *p) _pure_;
int path_split_and_make_absolute(const char *p, char ***ret);
bool path_is_absolute(const char *p) _pure_;
char* path_make_absolute(const char *p, const char *prefix);
int safe_getcwd(char **ret);
int path_make_absolute_cwd(const char *p, char **ret);
int path_make_relative(const char *from_dir, const char *to_path, char **_r);
char* path_kill_slashes(char *path);