Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/lib/libc/gen/getcwd.c,v
retrieving revision 1.25
retrieving revision 1.33
diff -u -p -r1.25 -r1.33
--- src/lib/libc/gen/getcwd.c	2002/04/16 19:08:43	1.25
+++ src/lib/libc/gen/getcwd.c	2005/01/06 00:07:41	1.33
@@ -1,4 +1,4 @@
-/*	$NetBSD: getcwd.c,v 1.25 2002/04/16 19:08:43 groo Exp $	*/
+/*	$NetBSD: getcwd.c,v 1.33 2005/01/06 00:07:41 christos Exp $	*/
 
 /*
  * Copyright (c) 1989, 1991, 1993, 1995
@@ -15,11 +15,7 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
@@ -41,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)getcwd.c	8.5 (Berkeley) 2/7/95";
 #else
-__RCSID("$NetBSD: getcwd.c,v 1.25 2002/04/16 19:08:43 groo Exp $");
+__RCSID("$NetBSD: getcwd.c,v 1.33 2005/01/06 00:07:41 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -95,7 +91,7 @@ realpath(path, resolved)
 
 	/* Save the starting point. */
 	if ((fd = open(".", O_RDONLY)) < 0) {
-		(void)strcpy(resolved, ".");
+		(void)strlcpy(resolved, ".", MAXPATHLEN);
 		return (NULL);
 	}
 
@@ -107,8 +103,10 @@ realpath(path, resolved)
 	 *     if it is a directory, then change to that directory.
 	 * get the current directory name and append the basename.
 	 */
-	(void)strncpy(resolved, path, MAXPATHLEN - 1);
-	resolved[MAXPATHLEN - 1] = '\0';
+	if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) {
+		errno = ENAMETOOLONG;
+		goto err1;
+	}
 loop:
 	q = strrchr(resolved, '/');
 	if (q != NULL) {
@@ -134,7 +132,7 @@ loop:
 				errno = ELOOP;
 				goto err1;
 			}
-			n = readlink(p, resolved, MAXPATHLEN);
+			n = readlink(p, resolved, MAXPATHLEN-1);
 			if (n < 0)
 				goto err1;
 			resolved[n] = '\0';
@@ -151,7 +149,10 @@ loop:
 	 * Save the last component name and get the full pathname of
 	 * the current directory.
 	 */
-	(void)strlcpy(wbuf, p, sizeof(wbuf));
+	if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) {
+		errno = ENAMETOOLONG;
+		goto err1;
+	}
 
 	/*
 	 * Call the inernal internal version of getcwd which
@@ -170,13 +171,20 @@ loop:
 		rootd = 0;
 
 	if (*wbuf) {
-		if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
+		if (strlen(resolved) + strlen(wbuf) + (rootd ? 0 : 1) + 1 >
+		    MAXPATHLEN) {
 			errno = ENAMETOOLONG;
 			goto err1;
 		}
 		if (rootd == 0)
-			(void)strcat(resolved, "/"); /* XXX: strcat is safe */
-		(void)strcat(resolved, wbuf);	/* XXX: strcat is safe */
+			if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) {
+				errno = ENAMETOOLONG;
+				goto err1;
+			}
+		if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) {
+			errno = ENAMETOOLONG;
+			goto err1;
+		}
 	}
 
 	/* Go back to where we came from. */
@@ -214,7 +222,7 @@ getcwd(pt, size)
 	ino_t root_ino;
 	size_t ptsize, upsize;
 	int save_errno;
-	char *ept, *eup, *up;
+	char *ept, *eup, *up, *nup;
 	size_t dlen;
 
 	/*
@@ -238,13 +246,13 @@ getcwd(pt, size)
 	*bpt = '\0';
 
 	/*
-	 * Allocate bytes (1024 - malloc space) for the string of "../"'s.
+	 * Allocate bytes for the string of "../"'s.
 	 * Should always be enough (it's 340 levels).  If it's not, allocate
 	 * as necessary.  Special case the first stat, it's ".", not "..".
 	 */
-	if ((up = malloc(upsize = 1024 - 4)) == NULL)
+	if ((up = malloc(upsize = MAXPATHLEN)) == NULL)
 		goto err;
-	eup = up + MAXPATHLEN;
+	eup = up + upsize;
 	bup = up;
 	up[0] = '.';
 	up[1] = '\0';
@@ -284,10 +292,11 @@ getcwd(pt, size)
 		 * as necessary.  Max length is 3 for "../", the largest
 		 * possible component name, plus a trailing NULL.
 		 */
-		if (bup + 3  + MAXNAMLEN + 1 >= eup) {
-			if ((up = realloc(up, upsize *= 2)) == NULL)
+		if (bup + 3 + MAXNAMLEN + 1 >= eup) {
+			if ((nup = realloc(up, upsize *= 2)) == NULL)
 				goto err;
-			bup = up;
+			bup = nup + (buf - up);
+			up = nup;
 			eup = up + upsize;
 		}
 		*bup++ = '.';