Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 17 Dec 2019 22:52:29 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Cc: Liu Jie <liujie1@...wei.com>
Subject: Re: [PATCH] coresight: getcwd: modify the processing of parameters

On Wed, Dec 18, 2019 at 10:51:32AM +0800, Liu Jie wrote:
> According to POSIX 2008, the getcwd() function shall fail if:
> [EINVAL] The size argument is 0.
> [ERANGE] The size argument is greater than 0, but is smaller
>          than the length of the string +1.
> The size should not be assigned, even if buf is NULL, otherwise
> the error ERANGE cannot be correctly judged.
> 
> Signed-off-by: Liu Jie <liujie1@...wei.com>
> ---
>  src/unistd/getcwd.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/unistd/getcwd.c b/src/unistd/getcwd.c
> index f407ffe0..ee2e97e9 100644
> --- a/src/unistd/getcwd.c
> +++ b/src/unistd/getcwd.c
> @@ -9,8 +9,8 @@ char *getcwd(char *buf, size_t size)
>  	char tmp[buf ? 1 : PATH_MAX];
>  	if (!buf) {
>  		buf = tmp;
> -		size = sizeof tmp;
> -	} else if (!size) {
> +	}
> +	if (!size) {
>  		errno = EINVAL;
>  		return 0;
>  	}

This breaks getcwd(0,123) and similar; I think you missed that the
behavior of such is unspecified (and even if it weren't explicitly
unspecified, it would be undefined since a null pointer wouldn't meet
the requirement to point to an array. See (DESCRIPTION):

    "If buf is a null pointer, the behavior of getcwd() is
    unspecified."

and (RATIONALE):

    "On some implementations, if buf is a null pointer, getcwd() may
    obtain size bytes of memory using malloc(). In this case, the
    pointer returned by getcwd() may be used as the argument in a
    subsequent call to free(). Invoking getcwd() with buf as a null
    pointer is not recommended in conforming applications."

We do differ from glibc and some other implementations here in that
size is not used; rather the buffer allocated is always sized to match
what's needed for the string. This behavior is outside the scope of
the standard and arguably better than what other implementations do
(it does not spuriously fail due to short size nor waste memory on an
oversized buffer), but I recall someone complaining once that it
differed.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.