It's like get_current_dir_name() but protects us from
CVE-2018-
1000001-style exploits:
https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
}
#endif // 0
+int safe_getcwd(char **ret) {
+ char *cwd;
+
+ cwd = get_current_dir_name();
+ if (!cwd)
+ return negative_errno();
+
+ /* Let's make sure the directory is really absolute, to protect us from the logic behind
+ * CVE-2018-1000001 */
+ if (cwd[0] != '/') {
+ free(cwd);
+ return -ENOMEDIUM;
+ }
+
+ *ret = cwd;
+ return 0;
+}
+
int path_make_absolute_cwd(const char *p, char **ret) {
char *c;
#if 0 /// UNNEEDED by elogind
char* path_make_absolute(const char *p, const char *prefix);
#endif // 0
+int safe_getcwd(char **ret);
int path_make_absolute_cwd(const char *p, char **ret);
#if 0 /// UNNEEDED by elogind
int path_make_relative(const char *from_dir, const char *to_path, char **_r);