diff options
author | Lennart Poettering <lennart@poettering.net> | 2018-01-17 11:16:31 +0100 |
---|---|---|
committer | Sven Eden <yamakuzure@gmx.net> | 2018-05-30 07:50:10 +0200 |
commit | 8298a315bce73eaa6b80e545e75b669650e62b14 (patch) | |
tree | aaf99ec538ca787a3f237a26265b525531863a9d /src/basic/path-util.c | |
parent | 7ac6f0842a9dcd363f0a6ec0a2ae7ab14c3b2edc (diff) |
path-util: introduce new safe_getcwd() wrapper
It's like get_current_dir_name() but protects us from
CVE-2018-1000001-style exploits:
https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
Diffstat (limited to 'src/basic/path-util.c')
-rw-r--r-- | src/basic/path-util.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/basic/path-util.c b/src/basic/path-util.c index 2be77126c..97cb5046a 100644 --- a/src/basic/path-util.c +++ b/src/basic/path-util.c @@ -92,6 +92,24 @@ char *path_make_absolute(const char *p, const char *prefix) { } #endif // 0 +int safe_getcwd(char **ret) { + char *cwd; + + cwd = get_current_dir_name(); + if (!cwd) + return negative_errno(); + + /* Let's make sure the directory is really absolute, to protect us from the logic behind + * CVE-2018-1000001 */ + if (cwd[0] != '/') { + free(cwd); + return -ENOMEDIUM; + } + + *ret = cwd; + return 0; +} + int path_make_absolute_cwd(const char *p, char **ret) { char *c; |