blob: dd99b44873efc0a0fe3c4bc147a4c722f6073bbd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Mon, 24 Aug 2020 11:42:27 +0200
Subject: [PATCH] unix: don't use _POSIX_PATH_MAX
Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b
("unix: do not require PATH_MAX to be defined") from September 2018.
_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not
the actual max path size of the system libuv runs on. _POSIX_PATH_MAX
is always 256, the real max is often much bigger.
This commit fixes buffer overruns when processing very long paths in
uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating
enough memory to store the result.
Fixes: https://github.com/libuv/libuv/issues/2965
PR-URL: https://github.com/libuv/libuv/pull/2966
Upstream-Status: Backport [https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd]
CVE: CVE-2020-8252
Signed-off-by: Andrej Kozemcak <andrej.kozemcak@siemens.com>
---
src/unix/internal.h | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/unix/internal.h b/src/unix/internal.h
index 30711673e0..9d3c2297f8 100644
--- a/src/unix/internal.h
+++ b/src/unix/internal.h
@@ -62,9 +62,7 @@
# include <AvailabilityMacros.h>
#endif
-#if defined(_POSIX_PATH_MAX)
-# define UV__PATH_MAX _POSIX_PATH_MAX
-#elif defined(PATH_MAX)
+#if defined(PATH_MAX)
# define UV__PATH_MAX PATH_MAX
#else
# define UV__PATH_MAX 8192
|
