ABSTRACT

Calling getwd() with a buffer that is too small can result in a buffer overflow.

EXPLANATION

The function getwd() retrieves the absolute path of the current working directory. The function is a wrapper that calls getcwd(buf, PATH_MAX), thereby assuming that buf can hold at least PATH_MAX bytes. If buf is not large enough, an attacker can overflow the buffer by creating a directory with a very long name.
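The following added example (not part of the original page) shows bounded replacements for the getwd() call described above. The helper names cwd_into and cwd_alloc are hypothetical, and the 1 MiB growth limit is an assumption chosen for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Risky form described above (kept as a comment, not compiled):
 *     char buf[64];
 *     getwd(buf);   // acts like getcwd(buf, PATH_MAX): can write past 64 bytes
 */

/* Fixed-buffer form: pass the real buffer size so getcwd() refuses to overrun.
 * Returns 0 on success, -1 on failure (errno == ERANGE if buf is too small). */
int cwd_into(char *buf, size_t size)
{
    if (buf == NULL || size == 0) {
        errno = EINVAL;
        return -1;
    }
    if (getcwd(buf, size) == NULL) {
        buf[0] = '\0';   /* leave no stale or partial path for the caller */
        return -1;
    }
    return 0;
}

/* Heap form: grow the buffer until the path fits, so a very long directory
 * name causes a retry or a clean failure, never an overflow. Caller frees. */
char *cwd_alloc(void)
{
    size_t size = 64;
    char *buf = NULL;

    for (;;) {
        char *tmp = realloc(buf, size);
        if (tmp == NULL) {
            free(buf);
            return NULL;
        }
        buf = tmp;
        if (getcwd(buf, size) != NULL)
            return buf;
        if (errno != ERANGE || size >= ((size_t)1 << 20)) {
            free(buf);   /* unrelated error, or path beyond the assumed limit */
            return NULL;
        }
        size *= 2;
    }
}
```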

REFERENCES

[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A5 Buffer Overflow

[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3590.1 CAT I

[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 249, CWE ID 560

[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.1

[5] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.2

[6] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.5