diff options
author | Brian Behlendorf <[email protected]> | 2012-10-04 12:54:47 -0700 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2012-10-04 13:19:10 -0700 |
commit | ae380cfa76e4d61bc6373b6b4e97bc3cac0a3a6e (patch) | |
tree | d71b3e5464c6948fc99b263f273448f3e6b2842f /cmd | |
parent | 5be98cfe2fd81145c9c16ddbe3b4d7d52f687157 (diff) |
Realpath arg 2 must be a minimum of PATH_MAX
The realpath(3) function expects that when a buffer is passed
for the 'resolved_path' that it be at least PATH_MAX in length.
If it's not a buffer overflow may occur.
Therefore the passed buffer size is changed from MAXNAMELEN to
MAXPATHLEN. We also take this opertunity to dynamically allocate
the buffer to keep it off the stack.
warning: call to '__realpath_chk_warn' declared with attribute
warning: second argument of realpath must be either NULL or at
least PATH_MAX bytes long buffer [enabled by default]
Signed-off-by: Brian Behlendorf <[email protected]>
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/ztest/ztest.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/cmd/ztest/ztest.c b/cmd/ztest/ztest.c index 09f3d5678..4479c5939 100644 --- a/cmd/ztest/ztest.c +++ b/cmd/ztest/ztest.c @@ -729,13 +729,16 @@ process_options(int argc, char **argv) UINT64_MAX >> 2); if (strlen(altdir) > 0) { - char cmd[MAXNAMELEN]; - char realaltdir[MAXNAMELEN]; + char *cmd; + char *realaltdir; char *bin; char *ztest; char *isa; int isalen; + cmd = umem_alloc(MAXPATHLEN, UMEM_NOFAIL); + realaltdir = umem_alloc(MAXPATHLEN, UMEM_NOFAIL); + VERIFY(NULL != realpath(getexecname(), cmd)); if (0 != access(altdir, F_OK)) { ztest_dump_core = B_FALSE; @@ -767,6 +770,9 @@ process_options(int argc, char **argv) fatal(B_TRUE, "invalid alternate lib directory %s", zo->zo_alt_libpath); } + + umem_free(cmd, MAXPATHLEN); + umem_free(realaltdir, MAXPATHLEN); } } |