aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2005-03-01 00:42:41 +0000
committerUlrich Drepper <drepper@redhat.com>2005-03-01 00:42:41 +0000
commit8b8b797292218050ff191ccb90da498862afd0f2 (patch)
treeaf2f3e0fd794ea7430f73b688611dfab0d5d69d9
parent61062f56304750c367c5c1533351621353c112a7 (diff)
downloadglibc-8b8b797292218050ff191ccb90da498862afd0f2.tar
glibc-8b8b797292218050ff191ccb90da498862afd0f2.tar.gz
glibc-8b8b797292218050ff191ccb90da498862afd0f2.tar.bz2
glibc-8b8b797292218050ff191ccb90da498862afd0f2.zip
(__getcwd_chk): Always fail if the buffer is too small.
-rw-r--r--debug/getcwd_chk.c6
-rw-r--r--debug/pread64_chk.c9
-rw-r--r--debug/readlink_chk.c13
3 files changed, 11 insertions, 17 deletions
diff --git a/debug/getcwd_chk.c b/debug/getcwd_chk.c
index 9e14a0102e..cb864c858e 100644
--- a/debug/getcwd_chk.c
+++ b/debug/getcwd_chk.c
@@ -24,8 +24,8 @@
char *
__getcwd_chk (char *buf, size_t size, size_t buflen)
{
- char *res = __getcwd (buf, MIN (size, buflen));
- if (res == NULL && errno == ERANGE && size > buflen)
+ if (size > buflen)
__chk_fail ();
- return res;
+
+ return __getcwd (buf, size);
}
diff --git a/debug/pread64_chk.c b/debug/pread64_chk.c
index 5402e05b86..daea1d7091 100644
--- a/debug/pread64_chk.c
+++ b/debug/pread64_chk.c
@@ -23,11 +23,8 @@
ssize_t
__pread64_chk (int fd, void *buf, size_t nbytes, off64_t offset, size_t buflen)
{
- /* In case NBYTES is greater than BUFLEN, we read BUFLEN+1 bytes.
- This might overflow the buffer but the damage is reduced to just
- one byte. And the program will terminate right away. */
- ssize_t n = __pread64 (fd, buf, offset, MIN (nbytes, buflen + 1));
- if (n > 0 && (size_t) n > buflen)
+ if (nbytes > buflen)
__chk_fail ();
- return n;
+
+ return __pread64 (fd, buf, offset, MIN (nbytes, buflen + 1));
}
diff --git a/debug/readlink_chk.c b/debug/readlink_chk.c
index 662041957a..d8d61dc699 100644
--- a/debug/readlink_chk.c
+++ b/debug/readlink_chk.c
@@ -27,15 +27,12 @@
ssize_t
__readlink_chk (const char *path, void *buf, size_t len, size_t buflen)
{
- /* In case LEN is greater than BUFLEN, we read BUFLEN+1 bytes.
- This might overflow the buffer but the damage is reduced to just
- one byte. And the program will terminate right away. */
+ if (len > buflen)
+ __chk_fail ();
+
#ifdef HAVE_INLINED_SYSCALLS
- int n = INLINE_SYSCALL (readlink, 3, path, buf, MIN (len, buflen + 1));
+ return INLINE_SYSCALL (readlink, 3, path, buf, MIN (len, buflen + 1));
#else
- int n = __readlink (path, buf, MIN (len, buflen + 1));
+ return __readlink (path, buf, MIN (len, buflen + 1));
#endif
- if (n > 0 && (size_t) n > buflen)
- __chk_fail ();
- return n;
}