[pacman-dev] [PATCH 1/2] pacman: fix possible buffer overflow

Morgan Adamiec morganamilo at gmail.com
Sat Sep 22 22:18:08 UTC 2018


On Sat, 22 Sep 2018 at 22:57, Andrew Gregory <andrew.gregory.8 at gmail.com> wrote:
> Set errno to ENAMETOOLONG and return NULL, just like realpath.

The problem still remains. You can input a filename that's < PATH_MAX
and have it resolve to something > PATH_MAX. You have no way to print
what that resolved path was. You can print the original file name but
that could be misleading.

Although I guess the chances of anyone running into that are pretty
tiny. So the solution might just be to not care and print the original
filename.

I'll make a patch for it, see what people think.
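
The fallback discussed in this message, as an added C example that is not part of the original message or of pacman's code: a resolved path that does not fit the caller's buffer yields NULL with errno set to ENAMETOOLONG, and the name used in messages falls back to the original filename. The helper names `resolve_into` and `display_name` are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() under strict -std= modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: resolve `path` into a caller-supplied buffer.
 * Returns `out` on success, NULL with errno set on failure. */
char *resolve_into(const char *path, char *out, size_t outlen)
{
    /* realpath(path, NULL) allocates its result (POSIX.1-2008), so
     * nothing is written to `out` before the length is known. */
    char *resolved = realpath(path, NULL);
    if (resolved == NULL) {
        return NULL;            /* errno already set by realpath */
    }
    size_t len = strlen(resolved);
    if (len >= outlen) {        /* no room for the path plus its NUL */
        free(resolved);
        errno = ENAMETOOLONG;   /* same error realpath reports */
        return NULL;
    }
    memcpy(out, resolved, len + 1);
    free(resolved);
    return out;
}

/* Hypothetical helper: the name to print in a message. Uses the
 * resolved path when it fits, otherwise the name the user typed. */
const char *display_name(const char *path, char *buf, size_t buflen)
{
    const char *resolved = resolve_into(path, buf, buflen);
    return resolved != NULL ? resolved : path;
}

int main(void)
{
    char tiny[1];               /* constructed: too small for any path */
    char buf[64];
    printf("%s\n", display_name("/.", tiny, sizeof tiny)); /* original */
    printf("%s\n", display_name("/.", buf, sizeof buf));   /* resolved */
    return 0;
}
```

When the fallback is taken, the printed name is the input path rather than its resolution, which is the potentially misleading case the message describes.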

