Re: Cwd.xs: off-by-one buffer overflow in realpath()

On Mon 03 Nov 2003 22:24, Rafael Garcia-Suarez <rgarciasuarez@free.fr> wrote:
> Casey West wrote:
> > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc 
> 
> Thanks, applied as #21646 to blead. (by hand, for some reason.)
> 
> > --- perl-current-orig/ext/Cwd/Cwd.xs    Thu May 16 18:16:19 2002
> > +++ perl-current/ext/Cwd/Cwd.xs Thu Oct 30 12:08:12 2003
> > @@ -166,7 +166,7 @@
> >                 rootd = 0;
> >  
> >         if (*wbuf) {
> > -               if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
> > +               if (strlen(resolved) + strlen(wbuf) + (1-rootd) + 1 > MAXPATHLEN) {

This correct? 1 *-* rootd
This is completely different from off-by-one, as the subject says

-- 
H.Merijn Brand        Amsterdam Perl Mongers (http://amsterdam.pm.org/)
using perl-5.6.1, 5.8.0, & 5.9.x, and 806 on  HP-UX 10.20 & 11.00, 11i,
   AIX 4.3, SuSE 8.2, and Win2k.           http://www.cmve.net/~merijn/
http://archives.develooper.com/daily-build@perl.org/   perl-qa@perl.org
send smoke reports to: smokers-reports@perl.org, QA: http://qa.perl.org

• Cwd.xs: off-by-one buffer overflow in realpath() by Casey West
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by H.Merijn Brand
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by H.Merijn Brand
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Gisle Aas
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Rafael Garcia-Suarez
• Re: Cwd.xs: off-by-one buffer overflow in realpath() by Enache Adrian