Fix for bad usage of dirname

Esben Haabendal esbenhaabendal at gmail.com
Wed Mar 12 14:56:26 CET 2008


The usage of dirname() in libbb/make_directory.c is not correct according to
the standard specification for dirname. It just happens to work with glibc
on Linux, but it is probably best to fix it.

From dirname(3):

These functions may return pointers to statically allocated memory which may
be overwritten by subsequent calls.  Alternatively, they may return a
pointer to some part of path, so that the string referred to by path should
not be modified or freed until the pointer returned by the function is no
longer required.

On cygwin, ipkg (and thus opkg) make_directory() actually crashes.

/Esben



diff -urN ipkg-0.99.163-orig/libbb/make_directory.c ipkg-0.99.163
/libbb/make_directory.c
--- ipkg-0.99.163-orig/libbb/make_directory.c  2006-02-06
09:13:02.000000000+0100
+++ ipkg-0.99.163/libbb/make_directory.c       2007-11-22
11:32:49.000000000+0100
@@ -50,17 +50,23 @@

               if (stat (path, &st) < 0 && errno == ENOENT) {
                       int status;
-                      char *buf, *parent;
+                      char *pathcopy, *parent, *parentcopy;
                       mode_t mask;

                       mask = umask (0);
                       umask (mask);

-                      buf = xstrdup (path);
-                      parent = dirname (buf);
-                      status = make_directory (parent, (0777 & ~mask) |
0300,
-                                      FILEUTILS_RECUR);
-                      free (buf);
+                      /* dirname is unsafe, it may both modify the
+                         memory of the path argument and may return
+                         a pointer to static memory, which can then
+                         be modified by consequtive calls to dirname */
+                      pathcopy = xstrdup (path);
+                      parent = dirname (pathcopy);
+                      parentcopy = xstrdup (parent);
+                      status = make_directory (parentcopy, (0777 & ~mask)
+                                               | 0300, FILEUTILS_RECUR);
+                      free (pathcopy);
+                      free (parentcopy);

                       if (status < 0 || make_directory (path, mode, 0) < 0)
                               return -1;
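
Review bot: In the added block, pathcopy is no longer needed once "parentcopy = xstrdup (parent);" has run, so "free (pathcopy);" can move up to just before the make_directory (parentcopy, ...) call instead of after it. That way each level of the FILEUTILS_RECUR recursion holds one copy of the path rather than two. The new comment has a typo ("consequtive" should be "consecutive"), and it would help to say there that the call being protected against is the dirname() reached again through the nested make_directory call. The patch also arrived line-wrapped (the diff and ---/+++ header lines, and the removed line ending in "0300,"), so it needs to be resent unwrapped or as a plain-text attachment before it will apply.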

More information about the opkg-devel mailing list