Please sign in to comment.
[Yocto #2639] Don't crash with really long chroot directories
The logic for whether to allocate space for the "base" path in pseudo_fix_path recognized that you don't need it when the path you're evaluating starts with a slash. This is great, except: 1. It's not actually true, if rootlen isn't 0. 2. The decision of whether or not to copy over the base path didn't check for this, so it would happen anyway. The net result is, if you had a path in excess of 256 characters as a base (say, a chroot directory), and you tried to evaluate a path starting with a slash (say, /etc/shadow), pseudo would allocate enough space for the path, but not for the base path, and then copy the base path into it anyway. The rounding up to multiples of 256 isn't enough to save us in this case. Solution: 1. Make the logic for the base path copy match the allocation logic. 2. Use (path != '/' || rootlen) as the second part of the test, because if there's a non-zero rootlen, we're in a chroot and MUST preserve at least some of the path. This could maybe be smarter (what if we only allocated space for rootlen in that case?) except that in reality, it's very very often the case that baselen == rootlen, and it's not as though we want MORE complexity.
- Loading branch information...