Error out when REAL_PATH is undefined on a system#843
Error out when REAL_PATH is undefined on a system#843MylesBorins wants to merge 1 commit intolibuv:v1.xfrom
Conversation
|
/cc @saghul |
| return PATH_MAX; | ||
| #else | ||
| return 4096; | ||
| #error "PATH_MAX undefined" |
There was a problem hiding this comment.
"PATH_MAX undefined in the current platform"
10b029b to
5433911
Compare
| # include <sys/filio.h> | ||
| # include <sys/ioctl.h> | ||
| # include <sys/wait.h> | ||
| # include <sys/syslimits.h> /* PATH_MAX, IOV_MAX */ |
There was a problem hiding this comment.
You need to include this in src/unix/fs.c, which is where we need it.
There was a problem hiding this comment.
src/unix/fs.c doesn’t actually include limits.h by itself, does it? Maybe that’s all that’s needed?
There was a problem hiding this comment.
I'll move it over. I had it there originally but noticed that limits.h was not being included in src/unix/fs.c but in core.c, so I thought if it was included there
Other bits like IOV_MAX are only in syslimits on freeBSD.
I'll drop the first commit and move this all into fs.c
There was a problem hiding this comment.
3a75034 to
09b3f05
Compare
|
This change passes the node.js CI --> https://ci.nodejs.org/job/node-test-commit-freebsd/2188/nodes=freebsd10-64/console |
|
LGTM /cc @libuv/collaborators WDYT? |
| defined(__FreeBSD__) || \ | ||
| defined(__OpenBSD__) || \ | ||
| defined(__NetBSD__) | ||
| # include <sys/syslimits.h> /* PATH_MAX, IOV_MAX */ |
There was a problem hiding this comment.
Does it needs to be included on OS X?
There was a problem hiding this comment.
There was a problem hiding this comment.
@thealphanerd You could run another CI against just including limits.h in this file (without sys/syslimits.h), unconditionally, and across platforms, right? I have to admit I can’t really believe FreeBSD ignores POSIX on something like where PATH_MAX is defined…
There was a problem hiding this comment.
hmmm... so changing it to limits works
--> https://ci.nodejs.org/job/node-test-commit-freebsd/2195/
So why does every system but bsd have the macros here?
There was a problem hiding this comment.
@thealphanerd … doesn’t that CI run imply that BSD does have the macros there?
I think there should be just an #include <limits.h> where the other includes are. On systems that are not FreeBSD, things just worked because one of the other system headers includes limits.h itself.
On my Linux machine, the chain is uv.h -> uv-unix.h -> dirent.h -> limits.h, and I guess something similar is going on for OS X.
There was a problem hiding this comment.
I've pushed an update that explicitly includes limits.h with the other headers. Seems like a good defensive move
|
One question, otherwise LGTM |
|
LGTM |
Currently when PATH_MAX is undefined realpath will default to using 4096. There is a potential stack overflow attack that can be mitigated by having PATH_MAX defined. This change conservatively errors if a system does not have PATH_MAX defined. This change also explicitly includes `limits.h` to ensure that all platforms have PATH_MAX defined if it is available. ref: http://pubs.opengroup.org/onlinepubs/9699919799/functions/realpath.html ref: nodejs/node#2680 (comment)
09b3f05 to
22d582b
Compare
Currently when PATH_MAX is undefined realpath will default to using 4096. There is a potential stack overflow attack that can be mitigated by having PATH_MAX defined. This change conservatively errors if a system does not have PATH_MAX defined. This change also explicitly includes `limits.h` to ensure that all platforms have PATH_MAX defined if it is available. Ref: http://pubs.opengroup.org/onlinepubs/9699919799/functions/realpath.html Refs: nodejs/node#2680 (comment) PR-URL: #843 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
|
Landed in f617ccc, thanks! |
|
🎉 @saghul should we backport this to node prior to the v6 release? I can't see any past instance of a floating patch from uv -> node |
|
Please, don't. Next libuv release will have and Node will get it, I don't see the need for it as it doesn't solve a real problem found in the wild. |
|
I'm not 100% convinced this fix is correct. On FreeBSD (and, I think, the BSDs in general), EDIT: Also, there are long lines in the commit log. :-( |
|
Ouch, mea culpa :-( If I was wrong and this is not the right fix please feel free to revert. I relied on the CI runs since I have no FreeBSD at hand right now, but completely forgot about GYP/autotools, sorry. |
|
Sorry for leaving out context. The new realpath implementation was causing a breakage in glob --> isaacs/node-glob#259 (comment) @isaacs was hesitant to include a fix as he was worried about how secure the new implementation was and wouldn't land the fix. tbqh I just wanted to make sure we were being extra safe with the release tomorrow I do think that if there is any chance this is incorrect and will break builds, as alluded to by @bnoordhuis that this should be reverted. I've closed the PR on node and will not attempt to backport in the future. |
|
No worries. While the new realpath implementation surfaces some platform differences in some edge cases (IIRC) in glob, this fix does nothing to change that. Now, if people feel super strongly about this (FTR, I don't) and a proper fix lands today I don't mind cutting a 1.9.1 release this evening. /cc @libuv/collaborators |
Currently when PATH_MAX is undefined realpath will default to using 4096. There is a potential stack overflow attack that can be mitigated by having PATH_MAX defined. This change conservatively errors if a system does not have PATH_MAX defined. This change also explicitly includes `limits.h` to ensure that all platforms have PATH_MAX defined if it is available. Ref: http://pubs.opengroup.org/onlinepubs/9699919799/functions/realpath.html Refs: nodejs/node#2680 (comment) PR-URL: libuv#843 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
Currently when PATH_MAX is undefined realpath will default to using 4096.
There is a potential stack overflow attack that can be mitigated by having
PATH_MAX defined. This change conservatively errors if a system does not
have PATH_MAX defined.
This change also comes with a new header specifically for freeBSD
to ensure that PATH_MAX will be available on that platform.
ref: http://pubs.opengroup.org/onlinepubs/9699919799/functions/realpath.html
ref: nodejs/node#2680 (comment)
ref: isaacs/node-glob#259 (comment)