glibc/sysdeps/posix
Siddhesh Poyarekar 4ad1659d8c getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
No valid path returned by getcwd would fit into 1 byte, so reject the
size early and return NULL with errno set to ERANGE.  This change is
prompted by CVE-2021-3999, which describes a single byte buffer
underflow and overflow when all of the following conditions are met:

- The buffer size (i.e. the second argument of getcwd) is 1 byte
- The current working directory is too long
- '/' is also mounted on the current working directory

Sequence of events:

- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
  because the linux kernel checks for name length before it checks
  buffer size

- The code falls back to the generic getcwd in sysdeps/posix

- In the generic func, the buf[0] is set to '\0' on line 250

- This while loop on line 262 is bypassed:

    while (!(thisdev == rootdev && thisino == rootino))

  since the rootfs (/) is bind mounted onto the directory and the flow
  goes on to line 449, where it puts a '/' in the byte before the
  buffer.

- Finally on line 458, it moves 2 bytes (the underflowed byte and the
  '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.

- buf is returned on line 469 and errno is not set.

This resolves BZ #28769.

Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 23e0e8f5f1)
2022-08-18 00:14:28 +02:00
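The following is an added illustration, not glibc's own code, of the early check the commit message describes: rejecting a 1-byte buffer with ERANGE before any fallback path runs. `safe_getcwd`, `size_one_rejected` and `large_buffer_works` are hypothetical names; the guard-byte layout is constructed here to show that neither the byte before nor the byte after the 1-byte buffer is touched once the size check fires.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, not glibc code.  safe_getcwd is a hypothetical
   front-end that applies the same early check the commit above adds to
   sysdeps/posix/getcwd.c: a 1-byte buffer can hold at most "", never a
   valid absolute path ("/" plus NUL already needs 2 bytes), so fail
   with ERANGE before any fallback path can write buf[-1] or buf[1].  */
char *
safe_getcwd (char *buf, size_t size)
{
  if (size == 1)
    {
      errno = ERANGE;
      return NULL;
    }
  return getcwd (buf, size);
}

/* Surround a 1-byte buffer with guard bytes.  The sequence in the commit
   message writes '/' before the buffer and then 2 bytes into it, so an
   underflow or overflow would clobber region[0] or region[2].  Returns 1
   when the call is rejected with ERANGE and all three bytes are intact.  */
int
size_one_rejected (void)
{
  char region[3] = { 'A', 'x', 'B' };   /* constructed guard layout */

  errno = 0;
  char *r = safe_getcwd (&region[1], 1);
  return r == NULL && errno == ERANGE
         && region[0] == 'A' && region[1] == 'x' && region[2] == 'B';
}

/* Normal case: an adequately sized buffer yields an absolute path that
   starts with '/'.  Returns 1 on success.  */
int
large_buffer_works (void)
{
  char buf[4096];

  return safe_getcwd (buf, sizeof buf) == buf && buf[0] == '/';
}

int
main (void)
{
  printf ("size 1 rejected with ERANGE: %s\n",
          size_one_rejected () ? "yes" : "no");
  printf ("large buffer returns a path: %s\n",
          large_buffer_works () ? "yes" : "no");
  return 0;
}
```

The check is applied unconditionally on `size`, before the call reaches the libc implementation, so it holds regardless of whether the underlying getcwd takes the kernel path or the generic sysdeps/posix fallback.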
Makefile
Subdirs Make sysdeps/posix bring in login subdir. 2015-07-23 17:04:22 -07:00
alarm.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
clock.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
clock_getres.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
closedir.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
ctermid.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
cuserid.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
dirfd.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
dirstream.h Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
dl-fileid.h Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
dup.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
dup2.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
euidaccess.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
fdopendir.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
flock.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
fpathconf.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
gai_strerror-strs.h
gai_strerror.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
getaddrinfo.c getaddrinfo: Fix resource leak after strdup failure in gethosts [BZ #25425] 2020-01-20 18:37:13 +01:00
getcwd.c getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999) 2022-08-18 00:14:28 +02:00
getdtsz.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
gethostname.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
getpagesize.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
isatty.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
isfdtype.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
killpg.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
libc_fatal.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
mkfifo.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
mkfifoat.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
nice.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
open64.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
opendir.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pathconf.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pause.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
posix_fallocate.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
posix_fallocate64.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pread.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pread64.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
preadv.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
preadv2.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
preadv64.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
preadv64v2.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
preadv_common.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
profil.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pwrite.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pwrite64.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pwritev.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pwritev2.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pwritev64.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pwritev64v2.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
pwritev_common.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
raise.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
readdir.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
readdir_r.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
readv.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
remove.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
rename.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
rewinddir.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
seekdir.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
shm-directory.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
shm-directory.h Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
shm_open.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
shm_unlink.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sigblock.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sigignore.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sigintr.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
signal.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sigpause.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sigset.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sigsetmask.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sigsuspend.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sigwait.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sleep.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
spawni.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sprofil.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
sysconf.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
system.c posix: Fix system error return value [BZ #25715] 2020-03-24 09:15:19 -03:00
sysv_signal.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
telldir.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
tempname.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
truncate.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
ttyname.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
ttyname_r.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
ulimit.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
usleep.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
utime.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
utimes.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
waitid.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
writev.c Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00