bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-31 17:44 UTC
[Bug 1748] New: getcwd being called with invalid argument in servconf.c
https://bugzilla.mindrot.org/show_bug.cgi?id=1748
Summary: getcwd being called with invalid argument in
servconf.c
Product: Portable OpenSSH
Version: 5.4p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: critical
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: dan.mitton at ymp.gov
In servconf.c, the code segment...
char *
derelativise_path(const char *path)
{
char *expanded, *ret, *cwd;
expanded = tilde_expand_filename(path, getuid());
if (*expanded == '/')
return expanded;
if ((cwd = getcwd(NULL, 0)) == NULL)
fatal("%s: getcwd: %s", __func__, strerror(errno));
xasprintf(&ret, "%s/%s", cwd, expanded);
xfree(cwd);
xfree(expanded);
return ret;
}
is calling getcwd(NULL, 0). In the man pages from Solaris, is says...
ERRORS
The getcwd() function will fail if:
EINVAL The size argument is equal to 0.
I suspect that this should be PATH_MAX, rather then 0. This routine,
and hence the error, does not exist in 5.3p1.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Apr-09 00:30 UTC
[Bug 1748] getcwd being called with invalid argument in servconf.c
https://bugzilla.mindrot.org/show_bug.cgi?id=1748
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
Blocks| |1743
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2010-04-09
10:30:27 EST ---
Thanks for the report. This has been fixed and will be in the 5.5p1
release. You can confirm by testing a recent snapshot
(http://www.mindrot.org/openssh_snap/).
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Apr-16 05:50 UTC
[Bug 1748] getcwd being called with invalid argument in servconf.c
https://bugzilla.mindrot.org/show_bug.cgi?id=1748
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> 2010-04-16 15:50:23
EST ---
Mass move of bugs RESOLVED->CLOSED following the release of
openssh-5.5p1
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- [Bug 1739] New: getcwd does not support size zero argument on Solaris
- Potential problem in derelativise_path
- possible deadcodes in sources
- [Bug 2278] New: 'configure --disable-lastlog' should mark PrintLastLog as unsupported in servconf.c
- [PATCH] dash: Fix "pwd -P" breakage due to getcwd(0, 0) usage