openssh/openbsd-compat
Darren Tucker 527cb43fa1 Return ERANGE from getcwd() if buffer size is 1.
If getcwd() is supplied a buffer size of exactly 1 and a path of "/", it
could result in a nul byte being written out of array bounds.  POSIX says
it should return ERANGE if the path will not fit in the available buffer
(with terminating nul). 1 byte cannot fit any possible path with its nul,
so immediately return ERANGE in that case.

OpenSSH never uses getcwd() with this buffer size, and all current
(and even quite old) platforms that we are currently known to work
on have a native getcwd() so this code is not used on those anyway.
Reported by Qualys, ok djm@
2022-07-14 11:22:08 +10:00
..
regress Add includes.h to compat tests. 2021-08-11 09:21:09 +10:00
arc4random.c Remove unused ivbits argument from chacha_keysetup 2022-03-01 09:02:06 +11:00
base64.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
base64.h
basename.c
bcrypt_pbkdf.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
bindresvport.c Include stdlib.h for arc4random_uniform prototype. 2021-09-29 20:03:58 +10:00
blf.h sync bcrypt-related files with OpenBSD 2021-11-29 12:30:22 +11:00
blowfish.c sync bcrypt-related files with OpenBSD 2021-11-29 12:30:22 +11:00
bsd-asprintf.c Don't avoid our *sprintf replacements. 2018-10-12 16:58:47 +11:00
bsd-closefrom.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
bsd-cygwin_util.c Fix signedness bug in Cygwin code 2022-01-21 09:53:07 +11:00
bsd-cygwin_util.h Use Cygwin-specific matching only for users+groups. 2019-03-12 09:19:19 +11:00
bsd-err.c
bsd-flock.c
bsd-getline.c Skip getline() on HP-UX 10.x. 2021-11-06 21:09:48 +11:00
bsd-getpagesize.c
bsd-getpeereid.c
bsd-malloc.c
bsd-misc.c Add clang sanitizer tests. 2022-07-03 22:53:44 +10:00
bsd-misc.h Constify utimes in compat library to match specs. 2022-02-25 15:14:22 +11:00
bsd-nextstep.c
bsd-nextstep.h
bsd-openpty.c Test if sshd accidentally acquires controlling tty 2022-02-14 14:19:40 +11:00
bsd-poll.c Only return events from ppoll that were requested. 2022-04-01 23:38:44 +11:00
bsd-poll.h Only include sys/poll.h if we don't have poll.h. 2022-02-22 12:25:52 +11:00
bsd-pselect.c Increment nfds when coming from startup_pipe. 2021-09-08 18:39:44 +10:00
bsd-setres_id.c Fix format string integer type in error message. 2019-07-19 07:23:26 +10:00
bsd-setres_id.h
bsd-signal.c Remove mysignal wrapper. 2020-01-23 18:55:24 +11:00
bsd-signal.h Include signal.h to prevent redefintion of _NSIG. 2020-01-26 14:09:17 +11:00
bsd-snprintf.c polish whitespace for portable files 2021-04-03 17:47:37 +11:00
bsd-statvfs.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
bsd-statvfs.h
bsd-waitpid.c
bsd-waitpid.h polish whitespace for portable files 2021-04-03 17:47:37 +11:00
chacha_private.h Remove unused ivbits argument from chacha_keysetup 2022-03-01 09:02:06 +11:00
charclass.h
daemon.c
dirname.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
explicit_bzero.c Using explicit_memset for the explicit_bzero compatibility layer. 2021-02-05 17:07:03 +11:00
fake-rfc2553.c
fake-rfc2553.h
fmt_scaled.c Resync fmt_scaled. with OpenBSD. 2022-03-11 18:43:58 +11:00
fnmatch.c sync fnmatch.c with upstream to fix another typo 2020-03-13 14:30:16 +11:00
fnmatch.h Define __BSD_VISIBLE in fnmatch.h. 2019-11-02 22:46:22 +11:00
freezero.c Include stdlib.h for declaration of free. 2018-07-11 12:14:09 +10:00
getcwd.c Return ERANGE from getcwd() if buffer size is 1. 2022-07-14 11:22:08 +10:00
getgrouplist.c
getopt_long.c polish whitespace for portable files 2021-04-03 17:47:37 +11:00
getopt.h
getrrsetbyname-ldns.c
getrrsetbyname.c Improve handling of _getshort and _getlong. 2022-02-25 19:47:48 +11:00
getrrsetbyname.h
glob.c Sync rev 1.49. 2020-04-21 18:28:19 +10:00
glob.h upstream commit 2019-11-15 16:06:30 +11:00
inet_aton.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
inet_ntoa.c
inet_ntop.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
kludge-fd_set.c
libressl-api-compat.c polish whitespace for portable files 2021-04-03 17:47:37 +11:00
Makefile.in Remove duplicate bcrypt_pbkdf.o from Makefile 2022-05-09 10:58:02 +10:00
md5.c
md5.h
memmem.c Add OPENBSD ORIGINAL marker. 2021-04-24 17:52:24 +10:00
mktemp.c Remove checks for strict POSIX mkdtemp() 2020-10-27 16:50:38 +11:00
openbsd-compat.h Provide killpg implementation. 2022-03-09 09:41:56 +11:00
openssl-compat.c Reverse order of OpenSSL init functions. 2018-11-25 14:05:57 +11:00
openssl-compat.h support OpenSSL 3.x cipher IV API change 2021-02-18 12:06:25 +11:00
port-aix.c Handle GIDs > 2^31 in getgrouplist. 2021-06-17 21:03:19 +10:00
port-aix.h Constify aix_krb5_get_principal_name. 2020-02-17 22:53:24 +11:00
port-irix.c Move log.h include inside ifdefs. 2019-07-08 17:27:26 +10:00
port-irix.h
port-linux.c SELinux has deprecated security_context_t 2020-11-13 13:46:28 +11:00
port-linux.h
port-net.c polish whitespace for portable files 2021-04-03 17:47:37 +11:00
port-net.h
port-prngd.c Fix ifdefs around get_random_bytes_prngd. 2021-07-02 15:20:32 +10:00
port-solaris.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
port-solaris.h
port-uw.c polish whitespace for portable files 2021-04-03 17:47:37 +11:00
port-uw.h
pwcache.c Cast *ID types to unsigned long when printing. 2019-07-06 13:02:34 +10:00
readpassphrase.c
readpassphrase.h
reallocarray.c
recallocarray.c
rresvport.c
setenv.c lastenv is only used in setenv. 2021-07-27 17:45:34 +10:00
setproctitle.c Include stdio.h for vsnprintf. 2019-06-16 12:55:27 +10:00
sha1.c upstream rev 1.27: fix integer overflow. 2019-06-14 14:22:39 +10:00
sha1.h
sha2.c polish whitespace for portable files 2021-04-03 17:47:37 +11:00
sha2.h Remove sys/cdefs.h include. 2019-07-23 22:36:39 +10:00
sigact.c
sigact.h
strcasestr.c
strlcat.c
strlcpy.c
strmode.c
strndup.c
strnlen.c
strptime.c
strsep.c
strtoll.c
strtonum.c polish whitespace for portable files 2021-04-03 17:47:37 +11:00
strtoul.c
strtoull.c
sys-queue.h undef TAILQ_CONCAT and friends 2020-08-04 14:58:46 +10:00
sys-tree.h
timingsafe_bcmp.c
vis.c
vis.h
xcrypt.c remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00