wrong strlcat limit value in realpath.c
Todd C. Miller
Todd.Miller at courtesan.com
Wed Oct 14 07:57:35 AEDT 2015
On Tue, 13 Oct 2015 12:36:45 -0700, William Ahern wrote:
> In realpath.c at line 182
> left_len = strlcat(symlink, left, sizeof(left));
> should be
> left_len = strlcat(symlink, left, sizeof(symlink));
> It's a benign issue because both arrays are the same size. And I can't
> imagine that ever changing. But it's inconsistent, not to mention throwing
> compiler warnings on OS X.
Correct. This was fixed some time ago i version shipped with OpenSSH
was not updated. The truncation check immediately following the
strlcat also should use sizeof(symlink) rather than sizeof(left).
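The point made in this thread, as an added example that is not part of the original messages and is not OpenSSH or OpenBSD code: the size passed to strlcat and the bound in the truncation check that follows must both be the destination's size. `ex_strlcat`, `append_left`, `canary_bytes_clobbered` and the 16/24/32-byte sizes are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Local stand-in for strlcat(3) so the example builds where libc lacks it. */
static size_t ex_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = 0, slen = strlen(src);

    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dsize)                  /* dst not terminated within dsize */
        return dsize + slen;
    size_t room = dsize - dlen - 1;     /* bytes available before the NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;                 /* length it tried to create */
}

/* Append `left` to `dst`; the limit and the truncation check both use dst_size. */
int append_left(char *dst, size_t dst_size, const char *left)
{
    size_t len = ex_strlcat(dst, left, dst_size);

    if (len >= dst_size) {              /* result did not fit: report, don't truncate silently */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/*
 * Constructed demo: a 32-byte arena whose first 16 bytes act as the
 * destination and whose last 16 are a 0x5A canary. Returns how many canary
 * bytes are overwritten when `limit` is passed as the size argument.
 */
size_t canary_bytes_clobbered(size_t limit)
{
    char arena[32];
    size_t hit = 0;

    memset(arena, 0x5A, sizeof(arena));
    strcpy(arena, "/tmp/link/");                /* 10 bytes + NUL */
    ex_strlcat(arena, "aaaaaaaaaaaa", limit);   /* tries to add 12 bytes */
    for (size_t i = 16; i < sizeof(arena); i++)
        hit += (arena[i] != 0x5A);
    return hit;
}
```

With the limit equal to the destination size (16) the canary is untouched and the return value signals truncation; with a larger, unrelated size (24) the append runs past the 16-byte destination, which is what the mismatch would allow if the two arrays in realpath.c ever differed in size.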