Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This modification incorrectly assumes that the symbolic link cannot be longer than the value of SYMLINK_MAX returned by pathconf(). However, the value returned by
pathconf() is out of date by the time readlink() is called, and so the off-by-one buffer overflow risk is still present because in between the two calls, the location of /usr/bin/perl can change to a file system with a larger SYMLINK_MAX value. Also, if SYMLINK_MAX is indeterminate (that is, if pathconf() returned -1 without setting errno), the code uses an arbitrary large buffer size (10,000) that it hopes will be sufficient, but there is a small chance that readlink() can return exactly this size.

...