Realpath arg 2 must be a minimum of PATH_MAX

The realpath(3) function expects that when a buffer is passed for the 'resolved_path' that it be at least PATH_MAX in length. If it's not a buffer overflow may occur. Therefore the passed buffer size is changed from MAXNAMELEN to MAXPATHLEN. We also take this opertunity to dynamically allocate the buffer to keep it off the stack. warning: call to '__realpath_chk_warn' declared with attribute warning: second argument of realpath must be either NULL or at least PATH_MAX bytes long buffer [enabled by default] Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
GR360RY · Oct 4, 2012 · ae380cf · ae380cf
1 parent 5be98cf
commit ae380cf
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/cmd/ztest/ztest.c b/cmd/ztest/ztest.c
@@ -729,13 +729,16 @@ process_options(int argc, char **argv)
 	    UINT64_MAX >> 2);
 
 	if (strlen(altdir) > 0) {
-		char cmd[MAXNAMELEN];
-		char realaltdir[MAXNAMELEN];
+		char *cmd;
+		char *realaltdir;
 		char *bin;
 		char *ztest;
 		char *isa;
 		int isalen;
 
+		cmd = umem_alloc(MAXPATHLEN, UMEM_NOFAIL);
+		realaltdir = umem_alloc(MAXPATHLEN, UMEM_NOFAIL);
+
 		VERIFY(NULL != realpath(getexecname(), cmd));
 		if (0 != access(altdir, F_OK)) {
 			ztest_dump_core = B_FALSE;
@@ -767,6 +770,9 @@ process_options(int argc, char **argv)
 			fatal(B_TRUE, "invalid alternate lib directory %s",
 			    zo->zo_alt_libpath);
 		}
+
+		umem_free(cmd, MAXPATHLEN);
+		umem_free(realaltdir, MAXPATHLEN);
 	}
 }