[Bug 1748] New: getcwd being called with invalid argument in servconf.c

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 1 04:44:20 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1748

           Summary: getcwd being called with invalid argument in
                    servconf.c
           Product: Portable OpenSSH
           Version: 5.4p1
          Platform: Sparc
        OS/Version: Solaris
            Status: NEW
          Severity: critical
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: dan.mitton at ymp.gov


In servconf.c, the code segment...

char *
derelativise_path(const char *path)
{
        char *expanded, *ret, *cwd;

        expanded = tilde_expand_filename(path, getuid());
        if (*expanded == '/')
                return expanded;
        if ((cwd = getcwd(NULL, 0)) == NULL)
                fatal("%s: getcwd: %s", __func__, strerror(errno));
        xasprintf(&ret, "%s/%s", cwd, expanded);
        xfree(cwd);
        xfree(expanded);
        return ret;
}

is calling getcwd(NULL, 0).  In the man pages from Solaris, is says...

ERRORS
     The getcwd() function will fail if:

     EINVAL          The size argument is equal to 0.

I suspect that this should be PATH_MAX, rather then 0.  This routine,
and hence the error, does not exist in 5.3p1.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list