From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon, 21 Feb 2022 02:56:06 +0000 (+0530)
Subject: realpath: Do not copy result on failure (BZ #28815)
X-Git-Tag: glibc-2.36~670
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=949ad78a189194048df8a253bb31d1d11d919044;p=thirdparty%2Fglibc.git

realpath: Do not copy result on failure (BZ #28815)

On failure, the contents of the resolved buffer passed in by the caller
to realpath are undefined.  Do not copy any partial resolution to the
buffer and also do not test resolved contents in test-canon.c.

Resolves: BZ #28815

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
---

diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c
index 6caed9e70e1..6237a41d42b 100644
--- a/stdlib/canonicalize.c
+++ b/stdlib/canonicalize.c
@@ -400,11 +400,11 @@ realpath_stk (const char *name, char *resolved,
 
 error:
   *dest++ = '\0';
-  if (resolved != NULL)
+  if (!failed && resolved != NULL)
     {
       if (dest - rname <= get_path_max ())
 	rname = strcpy (resolved, rname);
-      else if (!failed)
+      else
 	{
 	  failed = true;
 	  __set_errno (ENAMETOOLONG);
diff --git a/stdlib/test-canon.c b/stdlib/test-canon.c
index 185ccf4f483..2ad1218749d 100644
--- a/stdlib/test-canon.c
+++ b/stdlib/test-canon.c
@@ -174,7 +174,9 @@ do_test (int argc, char ** argv)
 	  continue;
 	}
 
-      if (!check_path (buf, tests[i].out ? tests[i].out : tests[i].resolved))
+      /* Only on success verify that buf contains the result too.  */
+      if (result != NULL
+	  && !check_path (buf, tests[i].out ? tests[i].out : tests[i].resolved))
 	{
 	  printf ("%s: flunked test %d (expected resolved `%s', got `%s')\n",
 		  argv[0], i, tests[i].out ? tests[i].out : tests[i].resolved,