
[Ada] Crash with big strings in System.OS_Lib.Normalize_Pathname

Message ID 20140129152528.GA30120@adacore.com
State New

Commit Message

Arnaud Charlet Jan. 29, 2014, 3:25 p.m. UTC
This patch prevents the copy of too big names to fixed-size buffers from
overflowing. Instead, when too big strings are provided, treat them as
invalid and return an empty string.

The execution of the following example must print "OK":

$ gnatmake foo && ./foo

with Ada.Text_IO; use Ada.Text_IO;
with GNAT.OS_Lib; use GNAT.OS_Lib;

procedure Foo is
   Max_Path : Integer;
   pragma Import (C, Max_Path, "__gnat_max_path_len");

   Valid_Path : String (1 .. Max_Path) :=
     (1 => '/', others => 'a');
   Invalid_Path : String (1 .. Max_Path + 1) :=
     (1 => '/', others => 'a');
begin
   if Normalize_Pathname (Valid_Path) /= ""
      and then
      Normalize_Pathname (Invalid_Path) = ""
   then
      Put_Line ("OK");
   else
      Put_Line ("FAIL");
   end if;
end Foo;

Tested on x86_64-pc-linux-gnu, committed on trunk

2014-01-29  Pierre-Marie Derodat  <derodat@adacore.com>

	* s-os_lib.adb, s-os_lib.ads (Normalize_Pathname): Return an empty
	string when the Name input is bigger than allowed. Adapt the function
	specification.

Patch

Index: s-os_lib.adb
===================================================================
--- s-os_lib.adb	(revision 207241)
+++ s-os_lib.adb	(working copy)
@@ -1927,9 +1927,10 @@ 
    --  Start of processing for Normalize_Pathname
 
    begin
-      --  Special case, if name is null, then return null
+      --  Special case, return null if name is null, or if it is bigger than
+      --  the biggest name allowed.
 
-      if Name'Length = 0 then
+      if Name'Length = 0 or else Name'Length > Max_Path then
          return "";
       end if;
 
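Review bot: the new bound in `if Name'Length = 0 or else Name'Length > Max_Path then` guards only Name, while the commit message says the aim is to keep every copy into the fixed-size buffers from overflowing; if Normalize_Pathname also copies a caller-supplied directory prefix (or Name joined to that prefix) into the same buffers, the combined length needs the same check before the copy, otherwise an oversize directory argument still reaches the buffer. Two smaller points on the comment: Name is a String, not an access value, so "return null" should read "return an empty string", and naming the actual limit ("if it is longer than Max_Path") keeps the comment in sync with the test on the next line.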
Index: s-os_lib.ads
===================================================================
--- s-os_lib.ads	(revision 207241)
+++ s-os_lib.ads	(working copy)
@@ -445,9 +445,10 @@ 
    --  directory pointed to. This is slightly less efficient, since it
    --  requires system calls.
    --
-   --  If Name cannot be resolved or is null on entry (for example if there is
-   --  symbolic link circularity, e.g. A is a symbolic link for B, and B is a
-   --  symbolic link for A), then Normalize_Pathname returns an empty  string.
+   --  If Name cannot be resolved, is invalid (for example if it is too big) or
+   --  is null on entry (for example if there is symbolic link circularity,
+   --  e.g. A is a symbolic link for B, and B is a symbolic link for A), then
+   --  Normalize_Pathname returns an empty string.
    --
    --  In VMS, if Name follows the VMS syntax file specification, it is first
    --  converted into Unix syntax. If the conversion fails, Normalize_Pathname
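Review bot: the rewritten sentence now attaches the symbolic-link-circularity example to "is null on entry", where it does not belong; it illustrates "cannot be resolved". Suggest reordering so each example sits next to the condition it explains, e.g. "If Name cannot be resolved (for example if there is symbolic link circularity, e.g. A is a symbolic link for B, and B is a symbolic link for A), is invalid (for example if it is longer than the maximum path length), or is null on entry, then Normalize_Pathname returns an empty string." Stating the concrete limit rather than "too big" also tells callers what to check before calling, since an empty-string result no longer distinguishes an oversize name from an unresolvable one.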