diff options
| author | Ulrich Drepper <drepper@redhat.com> | 2005-03-01 00:42:41 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 2005-03-01 00:42:41 +0000 |
| commit | 8b8b797292218050ff191ccb90da498862afd0f2 (patch) | |
| tree | af2f3e0fd794ea7430f73b688611dfab0d5d69d9 | |
| parent | 61062f56304750c367c5c1533351621353c112a7 (diff) | |
| download | glibc-8b8b797292218050ff191ccb90da498862afd0f2.tar.gz glibc-8b8b797292218050ff191ccb90da498862afd0f2.tar.xz glibc-8b8b797292218050ff191ccb90da498862afd0f2.zip | |
(__getcwd_chk): Always fail if the buffer is too small.
| -rw-r--r-- | debug/getcwd_chk.c | 6 | ||||
| -rw-r--r-- | debug/pread64_chk.c | 9 | ||||
| -rw-r--r-- | debug/readlink_chk.c | 13 |
3 files changed, 11 insertions, 17 deletions
diff --git a/debug/getcwd_chk.c b/debug/getcwd_chk.c index 9e14a0102e..cb864c858e 100644 --- a/debug/getcwd_chk.c +++ b/debug/getcwd_chk.c @@ -24,8 +24,8 @@ char * __getcwd_chk (char *buf, size_t size, size_t buflen) { - char *res = __getcwd (buf, MIN (size, buflen)); - if (res == NULL && errno == ERANGE && size > buflen) + if (size > buflen) __chk_fail (); - return res; + + return __getcwd (buf, size); } diff --git a/debug/pread64_chk.c b/debug/pread64_chk.c index 5402e05b86..daea1d7091 100644 --- a/debug/pread64_chk.c +++ b/debug/pread64_chk.c @@ -23,11 +23,8 @@ ssize_t __pread64_chk (int fd, void *buf, size_t nbytes, off64_t offset, size_t buflen) { - /* In case NBYTES is greater than BUFLEN, we read BUFLEN+1 bytes. - This might overflow the buffer but the damage is reduced to just - one byte. And the program will terminate right away. */ - ssize_t n = __pread64 (fd, buf, offset, MIN (nbytes, buflen + 1)); - if (n > 0 && (size_t) n > buflen) + if (nbytes > buflen) __chk_fail (); - return n; + + return __pread64 (fd, buf, offset, MIN (nbytes, buflen + 1)); } diff --git a/debug/readlink_chk.c b/debug/readlink_chk.c index 662041957a..d8d61dc699 100644 --- a/debug/readlink_chk.c +++ b/debug/readlink_chk.c @@ -27,15 +27,12 @@ ssize_t __readlink_chk (const char *path, void *buf, size_t len, size_t buflen) { - /* In case LEN is greater than BUFLEN, we read BUFLEN+1 bytes. - This might overflow the buffer but the damage is reduced to just - one byte. And the program will terminate right away. */ + if (len > buflen) + __chk_fail (); + #ifdef HAVE_INLINED_SYSCALLS - int n = INLINE_SYSCALL (readlink, 3, path, buf, MIN (len, buflen + 1)); + return INLINE_SYSCALL (readlink, 3, path, buf, MIN (len, buflen + 1)); #else - int n = __readlink (path, buf, MIN (len, buflen + 1)); + return __readlink (path, buf, MIN (len, buflen + 1)); #endif - if (n > 0 && (size_t) n > buflen) - __chk_fail (); - return n; } |