authorLennart Poettering <lennart@poettering.net>2018-01-17 11:16:31 +0100
committerLennart Poettering <lennart@poettering.net>2018-01-17 11:16:31 +0100
commita2556d25ae8e7c1aa1e75affb45226b02813a03b (patch)
tree8dc3bc86098d53f07e42f862ac8ac8e5b47cdd0f /src/basic/path-util.c
parentpath-util: don't add extra "/" when prefix already is suffixed by slash (diff)
path-util: introduce new safe_getcwd() wrapper
It's like get_current_dir_name() but protects us from CVE-2018-1000001-style exploits: https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
Diffstat (limited to 'src/basic/path-util.c')
-rw-r--r--src/basic/path-util.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index f5f506ccf5..fbf69d12eb 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -90,6 +90,24 @@ char *path_make_absolute(const char *p, const char *prefix) {
return strjoin(prefix, "/", p);
}
+int safe_getcwd(char **ret) {
+ char *cwd;
+
+ cwd = get_current_dir_name();
+ if (!cwd)
+ return negative_errno();
+
+ /* Let's make sure the directory is really absolute, to protect us from the logic behind
+ * CVE-2018-1000001 */
+ if (cwd[0] != '/') {
+ free(cwd);
+ return -ENOMEDIUM;
+ }
+
+ *ret = cwd;
+ return 0;
+}
+
int path_make_absolute_cwd(const char *p, char **ret) {
char *c;
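Review bot: The comment inside safe_getcwd() names CVE-2018-1000001 but does not say what a non-absolute result looks like, so the `cwd[0] != '/'` check reads as arbitrary to anyone who has not followed the link. I would spell it out, e.g. `/* The kernel may report the cwd with an "(unreachable)" prefix when it lies outside our root; refuse that instead of treating it as a relative path. */`. A short header comment should also state that `-ENOMEDIUM` means exactly this case and that `*ret` is left untouched on failure, so callers can tell it apart from an ordinary errno failure. The function writes `*ret` unconditionally; an `assert(ret);` at the top would make the contract explicit. The diffstat shows only insertions in this file, so any existing get_current_dir_name() callers here (possibly path_make_absolute_cwd(), whose body continues outside the hunk) are not yet switched to the wrapper by this commit.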