Re: Cwd.xs: off-by-one buffer overflow in realpath()

Casey West wrote:
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc 

Thanks, applied as #21646 to blead. (by hand, for some reason.)

> --- perl-current-orig/ext/Cwd/Cwd.xs    Thu May 16 18:16:19 2002
> +++ perl-current/ext/Cwd/Cwd.xs Thu Oct 30 12:08:12 2003
> @@ -166,7 +166,7 @@
>                 rootd = 0;
>  
>         if (*wbuf) {
> -               if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
> +               if (strlen(resolved) + strlen(wbuf) + (1-rootd) + 1 > MAXPATHLEN) {

• Cwd.xs: off-by-one buffer overflow in realpath() by Casey West
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by H.Merijn Brand
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by H.Merijn Brand
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Gisle Aas
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Enache Adrian