From: dtucker@openbsd.org Date: Thu, 22 May 2025 03:53:46 +0000 (+0000) Subject: upstream: Copy arg to be passed to dirname(). X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ccf42378df202472e7254f37f7dabb2f5723955;p=thirdparty%2Fopenssh-portable.git upstream: Copy arg to be passed to dirname(). POSIX allows dirname() to modify its args and return a pointer into it, so this prevents an overlapping strlcpy. bz#3819, patch from cjwatson at debian.org OpenBSD-Commit-ID: c32e496e6a1618aba31c8b7a9d4e1376c5ea6aa1 --- diff --git a/misc.c b/misc.c index 25465dcd2..f4e02bd04 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.199 2025/05/05 02:48:06 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.200 2025/05/22 03:53:46 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -2254,7 +2254,7 @@ int safe_path(const char *name, struct stat *stp, const char *pw_dir, uid_t uid, char *err, size_t errlen) { - char buf[PATH_MAX], homedir[PATH_MAX]; + char buf[PATH_MAX], buf2[PATH_MAX], homedir[PATH_MAX]; char *cp; int comparehome = 0; struct stat st; @@ -2280,7 +2280,12 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, /* for each component of the canonical path, walking upwards */ for (;;) { - if ((cp = dirname(buf)) == NULL) { + /* + * POSIX allows dirname to modify its argument and return a + * pointer into it, so make a copy to avoid overlapping strlcpy. + */ + strlcpy(buf2, buf, sizeof(buf2)); + if ((cp = dirname(buf2)) == NULL) { snprintf(err, errlen, "dirname() failed"); return -1; }