From 5178df3e156a436c4888a1a95996aea55525e7b6 Mon Sep 17 00:00:00 2001
From: Wojciech Nizinski <w.nizinski at grinn-global.com>
Date: Tue, 20 Oct 2015 14:08:09 +0200
Subject: libc/stdlib: canonicalize_file_name() memory leak

Uclibc's canonicalize_file_name() is allocating temprary buffer of 4kB
(PATH_MAX), and passing it to realpath() as second argument. Function is
not checking if realpath() fails and memory is lost.
---
 libc/stdlib/canonicalize.c | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)

(limited to 'libc')

diff --git a/libc/stdlib/canonicalize.c b/libc/stdlib/canonicalize.c
index 06e710ab7..da09d5841 100644
--- a/libc/stdlib/canonicalize.c
+++ b/libc/stdlib/canonicalize.c
@@ -9,30 +9,11 @@
  */
 
 #include <stdlib.h>
-#include <limits.h>
 
 #ifdef __USE_GNU
 
-#ifndef PATH_MAX
-# ifdef _POSIX_VERSION
-#  define PATH_MAX _POSIX_PATH_MAX
-# else
-#  ifdef MAXPATHLEN
-#   define PATH_MAX MAXPATHLEN
-#  else
-#   define PATH_MAX 1024
-#  endif
-# endif
-#endif
-
 char * canonicalize_file_name (const char *name)
 {
-	char *buf = (char *) malloc(PATH_MAX);
-
-	if(unlikely(buf == NULL))
-		return NULL;
-
-	*buf='\0';
-	return realpath (name, buf);
+	return realpath (name, NULL);
 }
 #endif
-- 
cgit v1.2.3