libutil: Improve errmsg on readLink size mismatch.
A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
This commit is contained in:
parent
411b237ee5
commit
bbd45ac80f
|
@ -193,8 +193,12 @@ Path readLink(const Path & path)
|
||||||
if (!S_ISLNK(st.st_mode))
|
if (!S_ISLNK(st.st_mode))
|
||||||
throw Error(format("‘%1%’ is not a symlink") % path);
|
throw Error(format("‘%1%’ is not a symlink") % path);
|
||||||
char buf[st.st_size];
|
char buf[st.st_size];
|
||||||
if (readlink(path.c_str(), buf, st.st_size) != st.st_size)
|
ssize_t rlsize = readlink(path.c_str(), buf, st.st_size);
|
||||||
|
if (rlsize == -1)
|
||||||
throw SysError(format("reading symbolic link ‘%1%’") % path);
|
throw SysError(format("reading symbolic link ‘%1%’") % path);
|
||||||
|
else if (rlsize != st.st_size)
|
||||||
|
throw Error(format("symbolic link ‘%1%’ size mismatch %2% != %3%")
|
||||||
|
% path % rlsize % st.st_size);
|
||||||
return string(buf, st.st_size);
|
return string(buf, st.st_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue