From patchwork Wed Jan 19 08:21:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 1581685 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=XRq3ItJw; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Received: from sourceware.org (ip-8-43-85-97.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JdzD83lRNz9tB1 for ; Wed, 19 Jan 2022 19:23:04 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 933FD385781F for ; Wed, 19 Jan 2022 08:23:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 933FD385781F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1642580581; bh=YkO/oEpzI0JhxI5FslfsBTAs+hPYw2teUi0eY41DYv8=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=XRq3ItJwl3sKninxrpt2YS0VhXES10pSKmP26m44AszmDmlO9csFbnTnKKDonqQhQ A8XqBEtjMDePk+iVwZ8wGs7cbQCS9j77PDrjJyIWkkpUOY4XIzk11WPnqLuYAmvAe/ zVLosrP1cCx3bNCf0JnzqX/TAH2BNvwdoa2LCdPE= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from dog.elm.relay.mailchannels.net (dog.elm.relay.mailchannels.net [23.83.212.48]) by sourceware.org (Postfix) with ESMTPS id 8EFB3385781D for ; Wed, 19 Jan 2022 08:22:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8EFB3385781D X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 9FCD6881285; Wed, 19 Jan 2022 08:22:02 +0000 (UTC) Received: from pdx1-sub0-mail-a305.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 37649881FF0; Wed, 19 Jan 2022 08:22:02 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a305.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.121.92.82 (trex/6.4.3); Wed, 19 Jan 2022 08:22:02 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Supply-Trouble: 7dc950fe340f7447_1642580522549_1017227291 X-MC-Loop-Signature: 1642580522549:1073989985 X-MC-Ingress-Time: 1642580522548 Received: from rhbox.redhat.com (unknown [1.186.224.209]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a305.dreamhost.com (Postfix) with ESMTPSA id 4JdzBw1hgGz3h; Wed, 19 Jan 2022 00:21:59 -0800 (PST) To: libc-alpha@sourceware.org Subject: [PATCH v2 0/3] Fixes for CVE-2021-3998 and CVE-2021-3999 Date: Wed, 19 Jan 2022 13:51:44 +0530 Message-Id: <20220119082147.3352868-1-siddhesh@sourceware.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Status: No, score=-3486.2 required=5.0 tests=BAYES_00, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_NUMSUBJECT, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NEUTRAL, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Siddhesh Poyarekar via Libc-alpha From: Siddhesh Poyarekar Reply-To: Siddhesh Poyarekar Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Sender: "Libc-alpha" Add functions to make directory trees with paths longer than PATH_MAX and use them to test fixes for CVE-2021-3998 and CVE-2021-3999. Tested on x86_64 and i686. Changes from v1: - Try reducing directory name size to meet lower limits of some fuse filesystems - Fixed review comments - Credited Qualys in NEWS - Use x* functions wherever possible - Drop size check in linux getcwd implementation and rely only on the posix one to flag the error - Fix formatting issues I had missed before. Siddhesh Poyarekar (3): support: Add helpers to create paths longer than PATH_MAX realpath: Set errno to ENAMETOOLONG for result larger than PATH_MAX [BZ #28770] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999) NEWS | 10 + stdlib/Makefile | 1 + stdlib/canonicalize.c | 12 +- stdlib/tst-realpath-toolong.c | 49 ++++ support/temp_file.c | 173 ++++++++++++- support/temp_file.h | 9 + sysdeps/posix/getcwd.c | 7 + sysdeps/unix/sysv/linux/Makefile | 7 +- .../unix/sysv/linux/tst-getcwd-smallbuff.c | 245 ++++++++++++++++++ 9 files changed, 501 insertions(+), 12 deletions(-) create mode 100644 stdlib/tst-realpath-toolong.c create mode 100644 sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c