From: Petr Vorel <pvorel@suse.cz>
To: Cyril Hrubis <chrubis@suse.cz>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2] tst_tmpdir: Fix buffer overflow in tst_tmpdir.c
Date: Fri, 14 Nov 2025 09:58:56 +0100 [thread overview]
Message-ID: <20251114085856.GA43654@pevik> (raw)
In-Reply-To: <aRXtUIlkNP3aDReN@yuki.lan>
Hi all,
...
> > @@ -192,63 +253,36 @@ static int purge_dir(const char *path, char **errptr)
> > return ret_val;
> > }
> Again, there shouldn't be two function for the same job. There should be
> only purge_dirat() and the tst_purge_dir() should call purge_dirat()
> with AT_FDCWD as the dirfd.
+1. That is what I meant by "it'd be nice if we could use only rmobjat()" in v1.
> > } else {
> > - if (unlink(obj) < 0) {
> > + if (unlinkat(dir_fd, obj, 0) < 0) {
> > if (errmsg != NULL) {
> > - sprintf(err_msg,
> > - "unlink(%s) failed; errno=%d: %s", obj,
> > + snprintf(err_msg, sizeof(err_msg),
> > + "unlinkat(%s) failed; errno=%d: %s", obj,
> > errno, tst_strerrno(errno));
> > *errmsg = err_msg;
> > }
> > @@ -305,7 +339,7 @@ void tst_tmpdir(void)
> > tst_resm(TERRNO, "%s: chdir(%s) failed", __func__, TESTDIR);
> > /* Try to remove the directory */
> > - if (rmobj(TESTDIR, &errmsg) == -1) {
> > + if (rmobjat(0, TESTDIR, &errmsg) == -1) {
> > tst_resm(TWARN, "%s: rmobj(%s) failed: %s",
> > __func__, TESTDIR, errmsg);
> > }
> > @@ -343,7 +377,7 @@ void tst_rmdir(void)
> > /*
> > * Attempt to remove the "TESTDIR" directory, using rmobj().
> > */
> > - if (rmobj(TESTDIR, &errmsg) == -1) {
> > + if (rmobjat(0, TESTDIR, &errmsg) == -1) {
> > tst_resm(TWARN, "%s: rmobj(%s) failed: %s",
> > __func__, TESTDIR, errmsg);
> > }
> We should pass AT_FDCWD to the two rmobjat() here since it's possible to
> pass relative path in the TMPDIR environment variable. Otherwise the
> code will not work with e.g. TMPDIR="." ./test_foo
Very good catch. BTW we expect TMPDIR to be correct - without double quotes and
trailing '/' which are example for shell tests which lead to failures in LTP
NFS tests. That was fixed in:
273c497935 ("tst_test.sh: Remove possible double/trailing slashes from TMPDIR")
Wouldn't be better just to normalize relative TMPDIR to absolute path? Simple
realpath() would do the job, right?
e.g. this patch "swapon03: Remove grep dependency" [1] + fix attempt to swapoff
leftover from previous run (when one does ctrl+C in previous run) expect that
TMPDIR is absolute. I'll note it below the patch that either we change
lib/tst_tmpdir.c to convert relative to absolute, or swapon03.c test needs to do
it itself. I would prefer lib/tst_tmpdir.c do the job including normalizing the
path (more tests will benefit/need it).
Kind regards,
Petr
[1] https://lore.kernel.org/ltp/20251106163500.1063704-6-pvorel@suse.cz/
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2025-11-14 8:59 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-21 14:16 [LTP] [PATCH v1] tst_tmpdir: Fix buffer overflow in tst_tmpdir.c Wei Gao via ltp
2025-05-22 19:39 ` Petr Vorel
2025-05-23 6:01 ` Jan Stancek via ltp
2025-05-23 6:29 ` Petr Vorel
2025-05-23 6:29 ` Cyril Hrubis
2025-05-23 21:09 ` [LTP] [PATCH v2] " Wei Gao via ltp
2025-11-13 14:38 ` Cyril Hrubis
2025-11-14 8:58 ` Petr Vorel [this message]
2025-11-25 4:39 ` Wei Gao via ltp
2025-11-25 4:36 ` Wei Gao via ltp
2025-11-25 4:40 ` [LTP] [PATCH v3] " Wei Gao via ltp
2026-02-17 15:01 ` Andrea Cervesato via ltp
2026-02-25 1:50 ` [LTP] [PATCH v4] " Wei Gao via ltp
2026-02-25 7:38 ` Andrea Cervesato via ltp
2026-02-25 7:38 ` Andrea Cervesato via ltp
2026-02-25 10:58 ` Cyril Hrubis
2026-02-26 1:34 ` Wei Gao via ltp
2026-02-26 8:59 ` Cyril Hrubis
2026-02-26 9:36 ` Andrea Cervesato via ltp
2026-02-26 12:26 ` Cyril Hrubis
2025-09-01 15:08 ` [LTP] [PATCH v1] " Cyril Hrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251114085856.GA43654@pevik \
--to=pvorel@suse.cz \
--cc=chrubis@suse.cz \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox