From 8298a315bce73eaa6b80e545e75b669650e62b14 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 17 Jan 2018 11:16:31 +0100
Subject: [PATCH] path-util: introduce new safe_getcwd() wrapper

It's like get_current_dir_name() but protects us from
CVE-2018-1000001-style exploits:

https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
---
 src/basic/path-util.c | 18 ++++++++++++++++++
 src/basic/path-util.h |  1 +
 2 files changed, 19 insertions(+)

diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index 2be77126c..97cb5046a 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -92,6 +92,24 @@ char *path_make_absolute(const char *p, const char *prefix) {
 }
 #endif // 0
 
+int safe_getcwd(char **ret) {
+        char *cwd;
+
+        cwd = get_current_dir_name();
+        if (!cwd)
+                return negative_errno();
+
+        /* Let's make sure the directory is really absolute, to protect us from the logic behind
+         * CVE-2018-1000001 */
+        if (cwd[0] != '/') {
+                free(cwd);
+                return -ENOMEDIUM;
+        }
+
+        *ret = cwd;
+        return 0;
+}
+
 int path_make_absolute_cwd(const char *p, char **ret) {
         char *c;
 
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index 38e6c927c..9faa128e3 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -45,6 +45,7 @@ bool path_is_absolute(const char *p) _pure_;
 #if 0 /// UNNEEDED by elogind
 char* path_make_absolute(const char *p, const char *prefix);
 #endif // 0
+int safe_getcwd(char **ret);
 int path_make_absolute_cwd(const char *p, char **ret);
 #if 0 /// UNNEEDED by elogind
 int path_make_relative(const char *from_dir, const char *to_path, char **_r);
-- 
2.30.2