Reputation: 16837
I am reading this link related to secure coding in C. It contains the following paragraph:
In C and C++ programming languages, some functions take string as input. Examples include realpath(), syslog() and getopt(). When such functions are injected with an extensive amount of input buffer, a buffer overflow attack can take place. As such, a good coder will establish the greatest possible length of such input string required for a particular program and shorten input strings appropriately prior to invoking the realpath(), syslog() and getopt() functions.
Taking realpath() as an example, the function signature is:
char *realpath(const char *path, char *resolved_path);
Based on the function signature, when someone calls this, they would have allocated and filled in the memory for the path argument. If the memory size allocated for the resolved_path result is not large enough, it may cause overflow. Is this analysis correct? I'm not sure why the link I gave above says buffer overflow due to extensive amount of input buffer.
Upvotes: 0
Views: 625
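An added example, not part of the original post or the linked article: realpath() takes no length for resolved_path, so this sketch bounds the input and lets realpath() allocate the result by passing NULL (POSIX.1-2008 behaviour). The names safe_realpath, resolve_into and the MAX_INPUT_PATH limit are hypothetical, chosen for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose realpath() and strnlen() */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT_PATH 1024  /* assumed application limit, not from the post */

/* Resolve path into a malloc'd string (caller frees); NULL + errno on error. */
char *safe_realpath(const char *path)
{
    if (path == NULL) { errno = EINVAL; return NULL; }
    /* Bound the input: strnlen() never scans past MAX_INPUT_PATH bytes. */
    if (strnlen(path, MAX_INPUT_PATH) >= MAX_INPUT_PATH) {
        errno = ENAMETOOLONG;
        return NULL;
    }
    /* realpath() has no size parameter for resolved_path. Passing NULL
     * (POSIX.1-2008) makes it allocate the result itself, so there is no
     * caller-sized buffer to overrun. */
    return realpath(path, NULL);
}

/* Copy the resolved path into out[outlen]; fail instead of truncating. */
int resolve_into(const char *path, char *out, size_t outlen)
{
    char *r = safe_realpath(path);
    if (r == NULL) return -1;
    size_t n = strlen(r);
    if (n >= outlen) { free(r); errno = ERANGE; return -1; }
    memcpy(out, r, n + 1);
    free(r);
    return 0;
}

int main(void)
{
    char big[PATH_MAX], tiny[1];
    if (resolve_into("/./../.", big, sizeof big) == 0)
        printf("resolved: %s\n", big);
    if (resolve_into("/", tiny, sizeof tiny) != 0)
        printf("rejected: %s\n", strerror(errno));
    return 0;
}
```

When a caller-supplied resolved_path must be used directly, it needs to be at least PATH_MAX bytes, because the resolved name can be longer than the input once symbolic links and relative components are expanded.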