This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author neologix
Recipients eric.araujo, matejcik, neologix, pitrou, rosslagerwall, santoso.wijaya, vstinner
Date 2011-08-29.17:55:44
SpamBayes Score 7.9647845e-07
Marked as misclassified No
Message-id <CAH_1eM1G8voscKqbJRXpB1zFfk0DucMALu9KvfnYECcoFe8NAw@mail.gmail.com>
In-reply-to <1314638722.57.0.162686353215.issue12801@psf.upfronthosting.co.za>
Content 
> POSIX the standard, or the implementers??
>

Both :-)

For those wondering why we can't use PATH_MAX (ignoring the buffer
overallocation), here's why:

https://www.securecoding.cert.org/confluence/display/cplusplus/FIO02-CPP.+Canonicalize+path+names+originating+from+untrusted+sources
"""
Avoid using this function. It is broken by design since (unless using
the non-standard resolved_path == NULL feature) it is impossible to
determine a suitable size for the output buffer, resolved_path.
According to POSIX a buffer of size PATH_MAX suffices, but PATH_MAX
need not be a defined constant, and may have to be obtained using
pathconf(3). And asking pathconf(3) does not really help, since on the
one hand POSIX warns that the result of pathconf(3) may be huge and
unsuitable for mallocing memory. And on the other hand pathconf(3) may
return -1 to signify that PATH_MAX is not bounded.
The libc4 and libc5 implementation contains a buffer overflow (fixed
in libc-5.4.13). As a result, set-user-ID programs like mount(8) need
a private version."""
History
Date User Action Args
2011-08-29 17:55:45neologixsetrecipients: + neologix, pitrou, vstinner, matejcik, eric.araujo, santoso.wijaya, rosslagerwall
2011-08-29 17:55:44neologixlinkissue12801 messages
2011-08-29 17:55:44neologixcreate