[Bug 1748] New: getcwd being called with invalid argument in servconf.c
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 1 04:44:20 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1748
Summary: getcwd being called with invalid argument in
servconf.c
Product: Portable OpenSSH
Version: 5.4p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: critical
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: dan.mitton at ymp.gov
In servconf.c, the code segment...
char *
derelativise_path(const char *path)
{
char *expanded, *ret, *cwd;
expanded = tilde_expand_filename(path, getuid());
if (*expanded == '/')
return expanded;
if ((cwd = getcwd(NULL, 0)) == NULL)
fatal("%s: getcwd: %s", __func__, strerror(errno));
xasprintf(&ret, "%s/%s", cwd, expanded);
xfree(cwd);
xfree(expanded);
return ret;
}
is calling getcwd(NULL, 0). In the man pages from Solaris, is says...
ERRORS
The getcwd() function will fail if:
EINVAL The size argument is equal to 0.
I suspect that this should be PATH_MAX, rather then 0. This routine,
and hence the error, does not exist in 5.3p1.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list