|
Packit |
6c4009 |
/* Bug 22786: test for buffer overflow in realpath.
|
|
Packit |
6c4009 |
Copyright (C) 2018 Free Software Foundation, Inc.
|
|
Packit |
6c4009 |
This file is part of the GNU C Library.
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
The GNU C Library is free software; you can redistribute it and/or
|
|
Packit |
6c4009 |
modify it under the terms of the GNU Lesser General Public
|
|
Packit |
6c4009 |
License as published by the Free Software Foundation; either
|
|
Packit |
6c4009 |
version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
The GNU C Library is distributed in the hope that it will be useful,
|
|
Packit |
6c4009 |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6c4009 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
6c4009 |
Lesser General Public License for more details.
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
You should have received a copy of the GNU Lesser General Public
|
|
Packit |
6c4009 |
License along with the GNU C Library; if not, see
|
|
Packit |
6c4009 |
<http://www.gnu.org/licenses/>. */
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* This file must be run from within a directory called "stdlib". */
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
#include <errno.h>
|
|
Packit |
6c4009 |
#include <limits.h>
|
|
Packit |
6c4009 |
#include <stdio.h>
|
|
Packit |
6c4009 |
#include <stdlib.h>
|
|
Packit |
6c4009 |
#include <string.h>
|
|
Packit |
6c4009 |
#include <unistd.h>
|
|
Packit |
6c4009 |
#include <sys/stat.h>
|
|
Packit |
6c4009 |
#include <sys/types.h>
|
|
Packit Service |
d70c7b |
#include <support/check.h>
|
|
Packit Service |
d70c7b |
#include <support/support.h>
|
|
Packit Service |
d70c7b |
#include <support/temp_file.h>
|
|
Packit |
6c4009 |
#include <support/test-driver.h>
|
|
Packit |
6c4009 |
#include <libc-diag.h>
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
static int
|
|
Packit |
6c4009 |
do_test (void)
|
|
Packit |
6c4009 |
{
|
|
Packit Service |
d70c7b |
const char *dir = support_create_temp_directory ("bz22786.");
|
|
Packit Service |
d70c7b |
const char *lnk = xasprintf ("%s/symlink", dir);
|
|
Packit Service |
d70c7b |
const size_t path_len = (size_t) INT_MAX + strlen (lnk) + 1;
|
|
Packit Service |
6de65a |
|
|
Packit Service |
d70c7b |
TEST_VERIFY_EXIT (symlink (".", lnk) == 0);
|
|
Packit Service |
6de65a |
|
|
Packit Service |
6de65a |
DIAG_PUSH_NEEDS_COMMENT;
|
|
Packit Service |
6de65a |
#if __GNUC_PREREQ (7, 0)
|
|
Packit Service |
6de65a |
/* GCC 7 warns about too-large allocations; here we need such
|
|
Packit Service |
6de65a |
allocation to succeed for the test to work. */
|
|
Packit Service |
6de65a |
DIAG_IGNORE_NEEDS_COMMENT (7, "-Walloc-size-larger-than=");
|
|
Packit Service |
6de65a |
#endif
|
|
Packit Service |
d70c7b |
char *path = xmalloc (path_len);
|
|
Packit Service |
6de65a |
DIAG_POP_NEEDS_COMMENT;
|
|
Packit Service |
93dc7a |
|
|
Packit Service |
d70c7b |
/* Construct very long path = "/tmp/bz22786.XXXX/symlink/aaaa....." */
|
|
Packit Service |
d70c7b |
char *p = mempcpy (path, lnk, strlen (lnk));
|
|
Packit |
6c4009 |
*(p++) = '/';
|
|
Packit Service |
d70c7b |
memset (p, 'a', path_len - (p - path) - 2);
|
|
Packit Service |
d70c7b |
p[path_len - (p - path) - 1] = '\0';
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* This call crashes before the fix for bz22786 on 32-bit platforms. */
|
|
Packit |
6c4009 |
p = realpath (path, NULL);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
if (p != NULL || errno != ENAMETOOLONG)
|
|
Packit |
6c4009 |
{
|
|
Packit |
6c4009 |
printf ("realpath: %s (%m)", p);
|
|
Packit |
6c4009 |
return EXIT_FAILURE;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
/* Cleanup. */
|
|
Packit |
6c4009 |
unlink (lnk);
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
return 0;
|
|
Packit |
6c4009 |
}
|
|
Packit |
6c4009 |
|
|
Packit |
6c4009 |
#define TEST_FUNCTION do_test
|
|
Packit |
6c4009 |
#include <support/test-driver.c>
|