unix: don't use _POSIX_PATH_MAX #2966
Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279 ("unix: do not require PATH_MAX to be defined") from September 2018.

_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not the actual max path size of the system libuv runs on. _POSIX_PATH_MAX is always 256, the real max is often much bigger.

This commit fixes buffer overruns when processing very long paths in uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating enough memory to store the result.

Fixes: libuv#2965
As this is a potential security vulnerability, I think it'd be good to get this released ASAP. The status of #2943 seems to be that we're blocked on Node.js test failures (sorry Colin, haven't looked at those yet) so maybe we can get a v1.38.2 out in the meantime?

We could temporarily revert 12be29f (or really just one line from that change) and move forward with the release as originally planned.

It looks like the CI failures are unrelated.
Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279 ("unix: do not require PATH_MAX to be defined") from September 2018.

_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not the actual max path size of the system libuv runs on. _POSIX_PATH_MAX is always 256, the real max is often much bigger.

This commit fixes buffer overruns when processing very long paths in uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating enough memory to store the result.

Fixes: #2965
PR-URL: #2966
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jameson Nash <vtjnash@gmail.com>
Landed in 0e6e862. Thanks!
Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279 ("unix: do not require PATH_MAX to be defined") from September 2018.

_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not the actual max path size of the system libuv runs on. _POSIX_PATH_MAX is always 256, the real max is often much bigger.

This commit fixes buffer overruns when processing very long paths in uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating enough memory to store the result.

Fixes: libuv#2965
PR-URL: libuv#2966
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jameson Nash <vtjnash@gmail.com>
(cherry picked from commit 0e6e862)
CI: https://ci.nodejs.org/job/libuv-test-commit/2012/
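The sizing mistake described in the commit message can be avoided by treating `_POSIX_PATH_MAX` as a first guess rather than a limit. The following is an added example, not libuv's code and not the fix from this PR; `read_link_full()` and `demo_long_target()` are hypothetical names, the doubling strategy is an assumption, and the symlink it creates under `/tmp` is constructed test input.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read a symlink target of any length. Returns a NUL-terminated malloc'd
 * string (caller frees), or NULL with errno set. */
char *read_link_full(const char *path) {
  size_t cap = _POSIX_PATH_MAX;       /* starting guess only, never a limit */
  for (;;) {
    char *buf = malloc(cap);
    if (buf == NULL) return NULL;
    ssize_t n = readlink(path, buf, cap);
    if (n < 0) { int e = errno; free(buf); errno = e; return NULL; }
    if ((size_t)n < cap) {            /* fits, with room for the terminator */
      buf[n] = '\0';
      return buf;
    }
    free(buf);                        /* n == cap: possibly truncated, retry */
    if (cap > SIZE_MAX / 2) { errno = ENAMETOOLONG; return NULL; }
    cap *= 2;
  }
}

/* Constructed input: a dangling symlink whose target is longer than
 * _POSIX_PATH_MAX. Returns the length read back, or -1 on any failure. */
long demo_long_target(void) {
  char dir[] = "/tmp/pathmaxXXXXXX", link[64];
  char target[_POSIX_PATH_MAX + 101];
  long len = -1;
  if (mkdtemp(dir) == NULL) return -1;
  memset(target, 'a', sizeof(target) - 1);
  for (size_t i = 1; i < sizeof(target) - 1; i += 2) target[i] = '/';
  target[sizeof(target) - 1] = '\0';
  snprintf(link, sizeof(link), "%s/l", dir);
  if (symlink(target, link) == 0) {
    char *got = read_link_full(link);
    if (got != NULL && strcmp(got, target) == 0) len = (long)strlen(got);
    free(got);
    unlink(link);
  }
  rmdir(dir);
  return len;
}
```

`readlink()` does not NUL-terminate and silently truncates to the buffer size, so a return value equal to the capacity is treated as "may not fit" and retried with a larger buffer.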