| Summary: | cap_fileargs(3) is not robust against long paths | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Mark Johnston <markj> |
| Component: | bin | Assignee: | Mariusz Zaborski <oshogbo> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | cem, emaste, kevans, oshogbo |
| Priority: | --- | | |
| Version: | CURRENT | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Mark Johnston
2019-08-07 16:04:08 UTC
Created attachment 206337
patch
This patch should fix the problem for you.
Does it work for you?
It does, thanks. I think it should fail if strlen(argv[i]) >= MAXPATHLEN, since MAXPATHLEN is supposed to be a buffer size, not a string length.

A commit references this bug:

Author: oshogbo
Date: Wed Aug 7 19:30:33 UTC 2019
New revision: 350695
URL: https://svnweb.freebsd.org/changeset/base/350695

Log:
  cap_fileargs: limit size of the file name

  The limit of the name in fileargs is twice the size of the MAXPATH.
  The nvlist will not add an element with the longer name.
  We can detect at this point that the path is too big, and simply return the
  same error as open(2) would.

  PR: 239700
  Reported by: markj
  Tested by: markj
  MFC after: 2 weeks

Changes:
  head/lib/libcasper/services/cap_fileargs/cap_fileargs.c
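Added example, not the committed patch or any code from this bug: a C sketch of the boundary raised in the reply above. A path of exactly MAXPATHLEN characters passes a `>` test but needs MAXPATHLEN + 1 bytes with its terminating NUL, so the check has to be `>=`. The names `check_path_args` and `probe` are hypothetical, the test paths are constructed, and ENAMETOOLONG is assumed to be the open(2) error the commit log refers to.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>		/* MAXPATHLEN */

/*
 * Hypothetical helper. strict != 0: reject strlen >= MAXPATHLEN, i.e. any
 * path that does not fit with its NUL in a MAXPATHLEN-byte buffer.
 * strict == 0: the looser strlen > MAXPATHLEN test, for comparison only.
 * On rejection returns -1 with errno = ENAMETOOLONG (assumed open(2) error).
 */
int check_path_args(int argc, char *const argv[], int strict)
{
	for (int i = 0; i < argc; i++) {
		size_t len = strlen(argv[i]);
		if (strict ? len >= MAXPATHLEN : len > MAXPATHLEN) {
			errno = ENAMETOOLONG;
			return (-1);
		}
	}
	return (0);
}

/* Run the check on one constructed path of `len` bytes; returns 0 or errno. */
int probe(size_t len, int strict)
{
	char *path = malloc(len + 1);
	char *args[] = { path };
	int error;

	if (path == NULL)
		return (ENOMEM);
	memset(path, 'a', len);
	path[len] = '\0';
	error = check_path_args(1, args, strict) == 0 ? 0 : errno;
	free(path);
	return (error);
}

int main(void)
{
	printf("len MAXPATHLEN-1: strict=%d\n", probe(MAXPATHLEN - 1, 1));
	printf("len MAXPATHLEN:   strict=%d loose=%d\n",
	    probe(MAXPATHLEN, 1), probe(MAXPATHLEN, 0));
	return (0);
}
```

The loose variant accepts the MAXPATHLEN-character path that the strict variant rejects; that one-byte difference is the case the reply asks to be treated as a failure.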