Realpath arg 2 must be a minimum of PATH_MAX

The realpath(3) function expects that when a buffer is passed
for the 'resolved_path' that it be at least PATH_MAX in length.
If it's not a buffer overflow may occur.

Therefore the passed buffer size is changed from MAXNAMELEN to
MAXPATHLEN.  We also take this opertunity to dynamically allocate
the buffer to keep it off the stack.

  warning: call to '__realpath_chk_warn' declared with attribute
  warning: second argument of realpath must be either NULL or at
  least PATH_MAX bytes long buffer [enabled by default]

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>

diff --git a/cmd/ztest/ztest.c b/cmd/ztest/ztest.c
index 09f3d5678a251afcc8b7c497de9a3d5c8d17e60e..4479c5939218f1c9da0697c2d486e86babb78993 100644 (file)
--- a/cmd/ztest/ztest.c
+++ b/cmd/ztest/ztest.c
@@ -729,13 +729,16 @@ process_options(int argc, char **argv)
            UINT64_MAX >> 2);
 
        if (strlen(altdir) > 0) {
-               char cmd[MAXNAMELEN];
-               char realaltdir[MAXNAMELEN];
+               char *cmd;
+               char *realaltdir;
                char *bin;
                char *ztest;
                char *isa;
                int isalen;
 
+               cmd = umem_alloc(MAXPATHLEN, UMEM_NOFAIL);
+               realaltdir = umem_alloc(MAXPATHLEN, UMEM_NOFAIL);
+
                VERIFY(NULL != realpath(getexecname(), cmd));
                if (0 != access(altdir, F_OK)) {
                        ztest_dump_core = B_FALSE;
@@ -767,6 +770,9 @@ process_options(int argc, char **argv)
                        fatal(B_TRUE, "invalid alternate lib directory %s",
                            zo->zo_alt_libpath);
                }
+
+               umem_free(cmd, MAXPATHLEN);
+               umem_free(realaltdir, MAXPATHLEN);
        }
 }