diff options
| author | cjihrig <cjihrig@gmail.com> | 2020-09-03 03:41:59 +0300 |
|---|---|---|
| committer | Michaƫl Zasso <targos@protonmail.com> | 2020-09-14 09:33:28 +0300 |
| commit | 2ea6d255f8f768e4717eed56edce1cafd552e3ee (patch) | |
| tree | f1caaa6af7883f4d0a220fade8212c691b4ec28d | |
| parent | edad52e2431093375bbc6f5b2dc6fdcddb4d4f61 (diff) | |
deps: libuv: cherry-pick 0e6e8620
Original commit message:
unix: don't use _POSIX_PATH_MAX
Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b
("unix: do not require PATH_MAX to be defined") from September 2018.
_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not
the actual max path size of the system libuv runs on. _POSIX_PATH_MAX
is always 256, the real max is often much bigger.
This commit fixes buffer overruns when processing very long paths in
uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating
enough memory to store the result.
Fixes: https://github.com/libuv/libuv/issues/2965
PR-URL: https://github.com/libuv/libuv/pull/2966
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jameson Nash <vtjnash@gmail.com>
CVE-ID: CVE-2020-8252
PR-URL: https://github.com/nodejs-private/node-private/pull/221
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
| -rw-r--r-- | deps/uv/src/unix/internal.h | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/deps/uv/src/unix/internal.h b/deps/uv/src/unix/internal.h index 402ee877d07..ab4f58c532e 100644 --- a/deps/uv/src/unix/internal.h +++ b/deps/uv/src/unix/internal.h @@ -62,9 +62,7 @@ # include <AvailabilityMacros.h> #endif -#if defined(_POSIX_PATH_MAX) -# define UV__PATH_MAX _POSIX_PATH_MAX -#elif defined(PATH_MAX) +#if defined(PATH_MAX) # define UV__PATH_MAX PATH_MAX #else # define UV__PATH_MAX 8192 |