| Message ID | 20220120093252.1911498-1-siddhesh@sourceware.org |
|---|---|
| Headers |
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id BD4F83858421 for <patchwork@sourceware.org>; Thu, 20 Jan 2022 09:33:30 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org BD4F83858421 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1642671210; bh=SMTTTW+6GH9w47I9u2XEzhs1vBXYMKW0Lu68Cs8dpzQ=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=WFO18OLSVKNuOco3IsE5T6wQqETDvLAkkn6yIeqndcDvbYZCv2RCizYHtQuI95CXR BoXtR+jMWFMowrubzCEbcVEk9RyTKFhGo/JcAZVzRhHnhn8r02sXd0HI5O1AQr0Hjw OFYbSL9/8ACALuUksBqJSnfvu42936VDtyy65lew= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from crocodile.elm.relay.mailchannels.net (crocodile.elm.relay.mailchannels.net [23.83.212.45]) by sourceware.org (Postfix) with ESMTPS id D64043858D35 for <libc-alpha@sourceware.org>; Thu, 20 Jan 2022 09:33:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D64043858D35 X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 713A8461868; Thu, 20 Jan 2022 09:33:06 +0000 (UTC) Received: from pdx1-sub0-mail-a307.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 11BB746186D; Thu, 20 Jan 2022 09:33:06 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a307.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.124.31.69 (trex/6.4.3); Thu, 20 Jan 2022 09:33:06 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Spot-Army: 76558ef734344848_1642671186340_3729542638 X-MC-Loop-Signature: 1642671186340:1285442981 X-MC-Ingress-Time: 1642671186340 Received: from rhbox.redhat.com (unknown [1.186.224.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a307.dreamhost.com (Postfix) with ESMTPSA id 4JfckR6FChz2S; Thu, 20 Jan 2022 01:33:03 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH v3 0/3] Fixes for CVE-2021-3998 and CVE-2021-3999 Date: Thu, 20 Jan 2022 15:02:49 +0530 Message-Id: <20220120093252.1911498-1-siddhesh@sourceware.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220119082147.3352868-1-siddhesh@sourceware.org> References: <20220119082147.3352868-1-siddhesh@sourceware.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3486.0 required=5.0 tests=BAYES_00, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_NUMSUBJECT, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NEUTRAL, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: Siddhesh Poyarekar via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Siddhesh Poyarekar <siddhesh@sourceware.org> Cc: fweimer@redhat.com Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org> |
| Series | Fixes for CVE-2021-3998 and CVE-2021-3999 | |
Message
Siddhesh Poyarekar
Jan. 20, 2022, 9:32 a.m. UTC
Add functions to make directory trees with paths longer than PATH_MAX
and use them to test fixes for CVE-2021-3998 and CVE-2021-3999.
Tested on x86_64 and i686.
Changes from v2:
- Adjusted test infrastructure to bail out if the filesystem does not support
creating directory trees greater than PATH_MAX.
Changes from v1:
- Try reducing directory name size to meet lower limits of some fuse
filesystems
- Fixed review comments
- Credited Qualys in NEWS
- Use x* functions wherever possible
- Drop size check in linux getcwd implementation and rely only on the
posix one to flag the error
- Fix formatting issues I had missed before.
Siddhesh Poyarekar (3):
support: Add helpers to create paths longer than PATH_MAX
realpath: Set errno to ENAMETOOLONG for result larger than PATH_MAX
[BZ #28770]
getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
NEWS | 10 +
stdlib/Makefile | 1 +
stdlib/canonicalize.c | 12 +-
stdlib/tst-realpath-toolong.c | 49 ++++
support/temp_file.c | 159 +++++++++++-
support/temp_file.h | 9 +
sysdeps/posix/getcwd.c | 7 +
sysdeps/unix/sysv/linux/Makefile | 7 +-
.../unix/sysv/linux/tst-getcwd-smallbuff.c | 245 ++++++++++++++++++
9 files changed, 487 insertions(+), 12 deletions(-)
create mode 100644 stdlib/tst-realpath-toolong.c
create mode 100644 sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c