In realpath.c at line 182 left_len = strlcat(symlink, left, sizeof(left)); should be left_len = strlcat(symlink, left, sizeof(symlink)); It's a benign issue because both arrays are the same size. And I can't imagine that ever changing. But it's inconsistent, not to mention throwing compiler warnings on OS X.
On Tue, 13 Oct 2015 12:36:45 -0700, William Ahern wrote:> In realpath.c at line 182 > > left_len = strlcat(symlink, left, sizeof(left)); > > should be > > left_len = strlcat(symlink, left, sizeof(symlink)); > > It's a benign issue because both arrays are the same size. And I can't > imagine that ever changing. But it's inconsistent, not to mention throwing > compiler warnings on OS X.Correct. This was fixed some time ago i version shipped with OpenSSH was not updated. The truncation check immediately following the strlcat also should use sizeof(symlink) rather than sizeof(left). - todd
On Tue, 13 Oct 2015, Todd C. Miller wrote:> On Tue, 13 Oct 2015 12:36:45 -0700, William Ahern wrote: > > > In realpath.c at line 182 > > > > left_len = strlcat(symlink, left, sizeof(left)); > > > > should be > > > > left_len = strlcat(symlink, left, sizeof(symlink)); > > > > It's a benign issue because both arrays are the same size. And I can't > > imagine that ever changing. But it's inconsistent, not to mention throwing > > compiler warnings on OS X. > > Correct. This was fixed some time ago i version shipped with OpenSSH > was not updated. The truncation check immediately following the > strlcat also should use sizeof(symlink) rather than sizeof(left).Thanks, I've just synced the OpenSSH openbsd-compat/realpath.c to -current. -d