Cwd.xs: off-by-one buffer overflow in realpath()

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc 

Patch below sig.

  Casey West

-- 
Shooting yourself in the foot with Fortran 
You shoot yourself in each toe, iteratively, until you run out of
toes; then you shoot the sixth bullet anyway since no exception
processing was anticipated. 

--- perl-current-orig/ext/Cwd/Cwd.xs    Thu May 16 18:16:19 2002
+++ perl-current/ext/Cwd/Cwd.xs Thu Oct 30 12:08:12 2003
@@ -166,7 +166,7 @@
                rootd = 0;
 
        if (*wbuf) {
-               if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
+               if (strlen(resolved) + strlen(wbuf) + (1-rootd) + 1 > MAXPATHLEN) {
                        errno = ENAMETOOLONG;
                        goto err1;
                }

• Cwd.xs: off-by-one buffer overflow in realpath() by Casey West
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by H.Merijn Brand
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by H.Merijn Brand
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Gisle Aas
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Enache Adrian