diff options
author | Dmitry V. Levin <ldv@altlinux.org> | 2018-01-07 02:03:41 +0000 |
---|---|---|
committer | Dmitry V. Levin <ldv@altlinux.org> | 2018-01-12 14:49:49 +0000 |
commit | 52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 (patch) | |
tree | 54015de9e9109423e62967df2f6b0eb2b9a4284c /NEWS | |
parent | 249a5895f120b13290a372a49bb4b499e749806f (diff) | |
download | glibc-52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94.tar.gz glibc-52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94.tar.xz glibc-52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94.zip |
linux: make getcwd(3) fail if it cannot obtain an absolute path [BZ #22679]
Currently getcwd(3) can succeed without returning an absolute path because the underlying getcwd syscall, starting with linux commit v2.6.36-rc1~96^2~2, may succeed without returning an absolute path. This is a conformance issue because "The getcwd() function shall place an absolute pathname of the current working directory in the array pointed to by buf, and return buf". This is also a security issue because a non-absolute path returned by getcwd(3) causes a buffer underflow in realpath(3). Fix this by checking the path returned by getcwd syscall and falling back to generic_getcwd if the path is not absolute, effectively making getcwd(3) fail with ENOENT. The error code is chosen for consistency with the case when the current directory is unlinked. [BZ #22679] CVE-2018-1000001 * sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to generic_getcwd if the path returned by getcwd syscall is not absolute. * io/tst-getcwd-abspath.c: New test. * io/Makefile (tests): Add tst-getcwd-abspath.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 75bf46776a..79736dbee8 100644 --- a/NEWS +++ b/NEWS @@ -199,6 +199,10 @@ Security related changes: for AT_SECURE or SUID binaries could be used to load libraries from the current directory. + CVE-2018-1000001: Buffer underflow in realpath function when getcwd function + succeeds without returning an absolute path due to unexpected behaviour + of the Linux kernel getcwd syscall. Reported by halfdog. + The following bugs are resolved with this release: [The release manager will add the list generated by |