Description
realpath(3) is unsafe when used in the traditional way. It takes a pointer to a user provided buffer, but no buffer length; instead, it requires the buffer to be PATH_MAX + 1.
This is unsafe, because there is no safe way to pre-determine the maximum length of the file name. If PATH_MAX is determined using pathconf(3), this information may be out of date the moment realpath(3) is called. Even worse, if PATH_MAX is a compile time constant, this constant may have nothing to do with the real resolved file name length the jvm encounters at runtime, which is a property of the mounted file system(s).
To address this, since POSIX 1.2008 realpath(3) allows the user to hand in NULL instead of a buffer, in which case the buffer is dynamically allocated by realpath(3) itself. Caller must call free() to free it.
Most of our platforms save for oldish AIX systems should support POSIX 1.2008, so it makes sense to use this behaviour. Where it cannot be used, at least the buffer should be checked for overwrites after realpath() returns.
This is unsafe, because there is no safe way to pre-determine the maximum length of the file name. If PATH_MAX is determined using pathconf(3), this information may be out of date the moment realpath(3) is called. Even worse, if PATH_MAX is a compile time constant, this constant may have nothing to do with the real resolved file name length the jvm encounters at runtime, which is a property of the mounted file system(s).
To address this, since POSIX 1.2008 realpath(3) allows the user to hand in NULL instead of a buffer, in which case the buffer is dynamically allocated by realpath(3) itself. Caller must call free() to free it.
Most of our platforms save for oldish AIX systems should support POSIX 1.2008, so it makes sense to use this behaviour. Where it cannot be used, at least the buffer should be checked for overwrites after realpath() returns.
Attachments
Issue Links
- relates to
-
JDK-8171508 os::jvm_path: error in handling -Dsun.java.launcher.is_altjvm option after 8066474
-
- Closed
-