The buffer passed to realpath() should hold at least PATH_MAX bytes.

The C standard library function realpath() takes two arguments. The first argument specifies a filename to be converted to canonical form. The second argument specifies an output buffer. Regardless of the length of the canonicalized file name, realpath() will not write more than PATH_MAX bytes to the output buffer.

Some programmers incorrectly assume that, by allocating a buffer of size PATH_MAX, there will always be enough room in the buffer to hold any file name that might be found on the system. However, PATH_MAX only bounds the longest possible relative path that can be passed to the kernel in a single call. On most Unix and Linux systems, there is no easily determined maximum length for a path.
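The following C program is an added example, not code from the original page or from the referenced GNU manual. It shows the two points above side by side: a caller-supplied buffer is only safe when it is at least PATH_MAX bytes (the helper refuses anything smaller instead of handing realpath() a buffer it can overrun), and passing NULL as the second argument, which POSIX.1-2008 and glibc allow, lets realpath() allocate a result sized to the actual resolved path so that no PATH_MAX assumption is needed at all. The function names and the fallback PATH_MAX value are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096 /* assumption: fallback for platforms that leave it undefined */
#endif

/* Pattern 1: caller-supplied buffer.
 * realpath() may write up to PATH_MAX bytes into `out`, so anything smaller
 * is a buffer overflow waiting to happen. Refuse such buffers up front.
 * Returns 0 on success, -1 on failure with errno set (EINVAL for a short
 * buffer; otherwise whatever realpath() set, e.g. ENOENT or ENAMETOOLONG). */
int canonicalize_fixed(const char *path, char *out, size_t out_len) {
    if (out_len < PATH_MAX) {
        errno = EINVAL;
        return -1;
    }
    if (realpath(path, out) == NULL)
        return -1;
    return 0;
}

/* Pattern 2: let realpath() allocate.
 * With a NULL second argument (POSIX.1-2008, glibc) realpath() returns a
 * malloc()ed string sized to the resolved path, so paths longer than
 * PATH_MAX are handled without any fixed-size buffer. Caller must free().
 * Returns NULL on failure with errno set. */
char *canonicalize_alloc(const char *path) {
    return realpath(path, NULL);
}

/* Resolve `path` with the allocating pattern and compare to `expected`.
 * Returns 1 if equal, 0 if resolved but different, -1 if realpath() failed. */
int resolved_equals(const char *path, const char *expected) {
    char *resolved = canonicalize_alloc(path);
    if (resolved == NULL)
        return -1;
    int same = strcmp(resolved, expected) == 0;
    free(resolved);
    return same;
}

/* Demonstrates that the fixed-buffer helper refuses a buffer that is too
 * small. The 16-byte buffer is never written to. Returns 1 if refused with
 * EINVAL, 0 otherwise. */
int fixed_rejects_small_buffer(void) {
    char small[16];
    errno = 0;
    int rc = canonicalize_fixed("/", small, sizeof small);
    return rc == -1 && errno == EINVAL;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "/../";  /* constructed default input */
    char fixed[PATH_MAX];

    if (canonicalize_fixed(path, fixed, sizeof fixed) == 0)
        printf("fixed buffer : %s\n", fixed);
    else
        perror("canonicalize_fixed");

    char *dynamic = canonicalize_alloc(path);
    if (dynamic != NULL) {
        printf("allocated    : %s\n", dynamic);
        free(dynamic);
    } else {
        perror("canonicalize_alloc");
    }

    printf("short buffer refused: %s\n", fixed_rejects_small_buffer() ? "yes" : "no");
    return 0;
}
```

When the input can come from an untrusted source, the allocating form is the one to prefer: a long but legitimate path then yields a correctly sized result instead of an ENAMETOOLONG failure, and there is no fixed buffer whose size has to be reasoned about.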
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A5 Buffer Overflow
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3590.1 CAT I
[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 249, CWE ID 560
[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.1
[5] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.2
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.5
[7] The GNU C Library Reference Manual, The GNU Software Foundation