diff mbox series

pseudo_util: Improve handling of crazy length paths

Message ID 20220321135942.1176431-1-richard.purdie@linuxfoundation.org
State New
Headers show
Series pseudo_util: Improve handling of crazy length paths | expand

Commit Message

Richard Purdie March 21, 2022, 1:59 p.m. UTC 
Crazy shell code (e.g. libtool) can pass in a command pipeline as a
path which exceeds the max path length the system can support (6000+
chars). This will fail in libc or the syscall but if we don't do
something here, we'd segfault before it can do that. Leave path
unchanged and let libc deal with it.

This was observed with segfaults in libfm:do_install after the libtool
upgrade. It does depend on the length of the local build path too.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 pseudo_util.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/pseudo_util.c b/pseudo_util.c
index b9de81e..0a89535 100644
--- a/pseudo_util.c
+++ b/pseudo_util.c
@@ -827,12 +827,21 @@  pseudo_fix_path(const char *base, const char *path, size_t rootlen, size_t basel
 		return 0;
 	}
 	newpathlen = pseudo_path_max();
+	pathlen = strlen(path);
+	/* Crazy shell code (e.g. libtool) can pass in a command pipeline as a path which exceeds the max path
+	 * length the system can support (6000+ chars). This will fail in libc or the syscall but if we don't
+	 * do something here, we'd segfault before it can do that. Leave path unchanged and let libc deal 
+	 * with it. 
+	 */
+	if ((pathlen + baselen) >= newpathlen) {
+		return path;
+	}
 	if (!pathbufs[pathbuf]) {
 		pathbufs[pathbuf] = malloc(newpathlen);
 	}
 	newpath = pathbufs[pathbuf];
 	pathbuf = (pathbuf + 1) % PATHBUFS;
-	pathlen = strlen(path);
+
 	/* a trailing slash has special meaning, but processing
 	 * trailing slashes is expensive.
 	 */