From 0c638872ae7d33a36c6548c720aa1333b7683510 Mon Sep 17 00:00:00 2001
From: Bastien ROUCARIES <address@hidden>
Date: Tue, 11 Jan 2011 18:15:44 +0100
Subject: [PATCH 2/3] Reject early NULL path and empty path in *at function

Reject early and set errno when user pass a NULL string or empty string
as path for *at function.

Previous version leads to a NULL deference in case of NULL string.
---
 lib/at-func.c     |   14 ++++++++++++++
 lib/at-func2.c    |   15 ++++++++++++++-
 lib/openat-proc.c |    7 -------
 lib/openat.c      |   15 +++++++++++++++
 4 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/lib/at-func.c b/lib/at-func.c
index 31a75f1..f7e2667 100644
--- a/lib/at-func.c
+++ b/lib/at-func.c
@@ -71,6 +71,20 @@ AT_FUNC_NAME (int fd, char const *file AT_FUNC_POST_FILE_PARAM_DECLS)
 
   if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file))
     return CALL_FUNC (file);
+  
+  /* NULL string are forbidden */
+  if (file == NULL)
+    {
+      errno = EFAULT;
+      return FUNC_FAIL;
+    }
+
+  /* empty string */
+  if (!*file)
+    {
+      errno = ENOENT;
+      return FUNC_FAIL;
+    }
 
   {
     char proc_buf[OPENAT_BUFFER_SIZE];
diff --git a/lib/at-func2.c b/lib/at-func2.c
index 29e6772..1cb55cc 100644
--- a/lib/at-func2.c
+++ b/lib/at-func2.c
@@ -73,11 +73,24 @@ at_func2 (int fd1, char const *file1,
 
      Try some optimizations to reduce fd to AT_FDCWD, or to at least
      avoid converting an absolute name or doing a double chdir.  */
-
   if ((fd1 == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file1))
       && (fd2 == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file2)))
     return func (file1, file2); /* Case 0-2, 4-6, 8-10.  */
 
+  /* NULL string are forbidden */
+  if (file1 == NULL || file2 == NULL)
+    {
+      errno = EFAULT;
+      return -1;
+    }
+
+  /* empty string */
+  if (!*file1 || !*file2)
+    {
+      errno = ENOENT;
+      return -1;
+    }
+
   /* If /proc/self/fd works, we don't need any stat or chdir.  */
   {
     char proc_buf1[OPENAT_BUFFER_SIZE];
diff --git a/lib/openat-proc.c b/lib/openat-proc.c
index d543491..9bd88bf 100644
--- a/lib/openat-proc.c
+++ b/lib/openat-proc.c
@@ -64,13 +64,6 @@ openat_proc_name (char buf[OPENAT_BUFFER_SIZE], int fd, char const *file)
 {
   static int proc_status = 0;
 
-  /* Make sure the caller gets ENOENT when appropriate.  */
-  if (!*file)
-    {
-      buf[0] = '\0';
-      return buf;
-    }
-
   if (! proc_status)
     {
       /* Set PROC_STATUS to a positive value if /proc/self/fd is
diff --git a/lib/openat.c b/lib/openat.c
index 55e12e2..64b1dca 100644
--- a/lib/openat.c
+++ b/lib/openat.c
@@ -174,6 +174,21 @@ openat_permissive (int fd, char const *file, int flags, mode_t mode,
 
   if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file))
     return open (file, flags, mode);
+  
+  /* NULL string are forbidden */
+  if (file == NULL)
+    {
+      errno = EFAULT;
+      return -1;
+    }
+
+  /* empty string */
+  if (!*file)
+    {
+      errno = ENOENT;
+      return -1;
+    }
+
 
   {
     char buf[OPENAT_BUFFER_SIZE];
-- 
1.7.1