Calling getwd() with a buffer that is too small can result in a buffer overflow.

The function getwd() retrieves the absolute path of the current working directory. The function is a wrapper that calls getcwd(buf, PATH_MAX), thereby assuming that buf can hold at least PATH_MAX bytes. If buf is not large enough, an attacker can overflow the buffer by creating a directory with a very long name.
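The size-checked alternative to the call described above, as an added example that is not part of the original page: getcwd() is given the real buffer size and fails with ERANGE instead of writing past the end. The helper names cwd_into and cwd_alloc are hypothetical, and the 1 MiB growth limit is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Vulnerable pattern (kept as a comment so it is never compiled or run):
 *     char buf[64];
 *     getwd(buf);   // acts like getcwd(buf, PATH_MAX): can write past buf
 */

/* Hardened form for a caller-supplied buffer: the true size is passed, so
 * getcwd() refuses to write beyond it.
 * Returns 0 on success, -1 with errno set (ERANGE if the path does not fit). */
int cwd_into(char *buf, size_t size)
{
    if (buf == NULL || size == 0) { errno = EINVAL; return -1; }
    if (getcwd(buf, size) == NULL) {
        buf[0] = '\0';            /* never leave stale data for the caller */
        return -1;
    }
    return 0;
}

/* Heap variant: grow the buffer until the path fits. Caller frees the result.
 * The 1 MiB ceiling (an assumed limit) bounds memory if the path is absurd. */
char *cwd_alloc(void)
{
    for (size_t size = 64; size <= ((size_t)1 << 20); size *= 2) {
        char *buf = malloc(size);
        if (buf == NULL) return NULL;
        if (getcwd(buf, size) != NULL) return buf;
        int saved = errno;
        free(buf);
        if (saved != ERANGE) { errno = saved; return NULL; }
    }
    errno = ENAMETOOLONG;
    return NULL;
}

int main(void)
{
    char small[8];                /* deliberately small fixed buffer */
    if (cwd_into(small, sizeof small) != 0)
        printf("fixed buffer rejected: %s\n", strerror(errno));
    char *path = cwd_alloc();
    if (path != NULL) { printf("cwd: %s\n", path); free(path); }
    return 0;
}
```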
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A5 Buffer Overflow
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3590.1 CAT I
[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 249, CWE ID 560
[4] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.3.1.1
[5] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.2
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.5