Project

General

Profile

Bug #510

Stack corruption if strln(getenv("PATH"))>GMX_PATH_MAX

Added by Roland Schulz over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Erik Lindahl
Category:
mdrun
Target version:
Affected version - extra info:
Affected version:
Difficulty:
uncategorized
Close

Description

In futil.c:772 the result of getenv("PATH") is appended to a variable of size GMX_PATH_MAX. This corrupts the stack if the PATH env variable is too long. What is the best way to fix this?

futil.c (27.1 KB) futil.c modefied futil.c Berk Hess, 08/17/2010 04:22 PM

History

#1 Updated by Berk Hess over 9 years ago

Created an attachment (id=515)
modefied futil.c

#2 Updated by Berk Hess over 9 years ago

We can avoid the issues by searching in the two path separately.
I have attached a modified futil.c. Have a look at it and tell me if it's ok
so I can commit it.

PS it seems we could still overwrite the stack when the sprintf of the directory + binary is longer than GMX_PATH_MAX, although that is quite unlikely.
I can we can not assume that the system supports such long full file names,
so we would have to generate an error?

Berk

#3 Updated by Roland Schulz over 9 years ago

(In reply to comment #2)

We can avoid the issues by searching in the two path separately.
I have attached a modified futil.c. Have a look at it and tell me if it's ok
so I can commit it.

Yes looks good. Only the first while loop is not really necessary because the system_path will never contain a delimiter.

PS it seems we could still overwrite the stack when the sprintf of the
directory + binary is longer than GMX_PATH_MAX, although that is quite
unlikely.
I can we can not assume that the system supports such long full file names,
so we would have to generate an error?

Not sure.

#4 Updated by Berk Hess over 9 years ago

I fixed it: commit f8b0cedd085bbe29e359439c8b19ce2f14fd6cfa
I also added a check for the length of bin_name and made the full_path
buffer size the max path size + max bin name size.

Berk

Also available in: Atom PDF