From 0e516e0e14f2f9783a21cd1727bc53776341f857 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <miklos@szeredi.hu>
Date: Wed, 3 Nov 2010 00:25:45 -0400
Subject: [PATCH] Verify in ttyname() that the symlink is valid.

---
 ChangeLog                           |  8 ++++++++
 NEWS                                |  4 ++--
 sysdeps/unix/sysv/linux/ttyname.c   | 33 ++++++++++++++++++++++++++++-----
 sysdeps/unix/sysv/linux/ttyname_r.c | 32 +++++++++++++++++++++++++++-----
 4 files changed, 65 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 33c7a9b729..afed643aa8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2010-11-03  Ulrich Drepper  <drepper@gmail.com>
+
+	[BZ #12167]
+	* sysdeps/unix/sysv/linux/ttyname.c (ttyname): Recognize new mangling
+	of inacessible symlinks.  Verify result of symlink before returning it.
+	* sysdeps/unix/sysv/linux/ttyname_r.c (__ttyname_r): Likewise.
+	Patch mostly by Miklos Szeredi <miklos@szeredi.hu>.
+
 2010-10-28  Erich Ritz  <erichritz@gmail.com>
 
 	* math/math.h (isinf): Fix typo in comment.
diff --git a/NEWS b/NEWS
index 30bbd4bbf3..2cd953bcd3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-GNU C Library NEWS -- history of user-visible changes.  2010-10-24
+GNU C Library NEWS -- history of user-visible changes.  2010-11-2
 Copyright (C) 1992-2009, 2010 Free Software Foundation, Inc.
 See the end for copying conditions.
 
@@ -11,7 +11,7 @@ Version 2.13
 
   3268, 7066, 10851, 11611, 11640, 11701, 11840, 11856, 11883, 11903, 11904,
   11968, 11979, 12005, 12037, 12067, 12077, 12078, 12092, 12093, 12107, 12108,
-  12113, 12140, 12159
+  12113, 12140, 12159, 12167
 
 * New Linux interfaces: prlimit, prlimit64, fanotify_init, fanotify_mark
 
diff --git a/sysdeps/unix/sysv/linux/ttyname.c b/sysdeps/unix/sysv/linux/ttyname.c
index 69af6adc65..6cec3a9013 100644
--- a/sysdeps/unix/sysv/linux/ttyname.c
+++ b/sysdeps/unix/sysv/linux/ttyname.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1991,92,93,1996-2002,2006,2009 Free Software Foundation, Inc.
+/* Copyright (C) 1991-1993,1996-2002,2006,2009,2010
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -131,6 +132,9 @@ ttyname (int fd)
   if (__builtin_expect (__tcgetattr (fd, &term) < 0, 0))
     return NULL;
 
+  if (__fxstat64 (_STAT_VER, fd, &st) < 0)
+    return NULL;
+
   /* We try using the /proc filesystem.  */
   *_fitoa_word (fd, __stpcpy (procname, "/proc/self/fd/"), 10, 0) = '\0';
 
@@ -161,13 +165,32 @@ ttyname (int fd)
     {
       if ((size_t) len >= buflen)
 	return NULL;
+
+#define UNREACHABLE_LEN strlen ("(unreachable)")
+      if (len > UNREACHABLE_LEN
+	  && memcmp (ttyname_buf, "(unreachable)", UNREACHABLE_LEN) == 0)
+	{
+	  memmove (ttyname_buf, ttyname_buf + UNREACHABLE_LEN,
+		   len - UNREACHABLE_LEN);
+	  len -= UNREACHABLE_LEN;
+	}
+
       /* readlink need not terminate the string.  */
       ttyname_buf[len] = '\0';
-      return ttyname_buf;
-    }
 
-  if (__fxstat64 (_STAT_VER, fd, &st) < 0)
-    return NULL;
+      /* Verify readlink result, fall back on iterating through devices.  */
+      if (ttyname_buf[0] == '/'
+	  && __xstat64 (_STAT_VER, ttyname_buf, &st1) == 0
+#ifdef _STATBUF_ST_RDEV
+	  && S_ISCHR (st1.st_mode)
+	  && st1.st_rdev == st.st_rdev
+#else
+	  && st1.st_ino == st.st_ino
+	  && st1.st_dev == st.st_dev
+#endif
+	  )
+	return ttyname_buf;
+    }
 
   if (__xstat64 (_STAT_VER, "/dev/pts", &st1) == 0 && S_ISDIR (st1.st_mode))
     {
diff --git a/sysdeps/unix/sysv/linux/ttyname_r.c b/sysdeps/unix/sysv/linux/ttyname_r.c
index cef8624dc6..2fa7503471 100644
--- a/sysdeps/unix/sysv/linux/ttyname_r.c
+++ b/sysdeps/unix/sysv/linux/ttyname_r.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1991,92,93,1995-2001,2003,2006 Free Software Foundation, Inc.
+/* Copyright (C) 1991-1993,1995-2001,2003,2006,2010
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -122,6 +123,9 @@ __ttyname_r (int fd, char *buf, size_t buflen)
   if (__builtin_expect (__tcgetattr (fd, &term) < 0, 0))
     return errno;
 
+  if (__fxstat64 (_STAT_VER, fd, &st) < 0)
+    return errno;
+
   /* We try using the /proc filesystem.  */
   *_fitoa_word (fd, __stpcpy (procname, "/proc/self/fd/"), 10, 0) = '\0';
 
@@ -145,12 +149,30 @@ __ttyname_r (int fd, char *buf, size_t buflen)
 #endif
 			, 1))
     {
+#define UNREACHABLE_LEN strlen ("(unreachable)")
+      if (ret > UNREACHABLE_LEN
+	  && memcmp (buf, "(unreachable)", UNREACHABLE_LEN) == 0)
+	{
+	  memmove (buf, buf + UNREACHABLE_LEN, ret - UNREACHABLE_LEN);
+	  ret -= UNREACHABLE_LEN;
+	}
+
+      /* readlink need not terminate the string.  */
       buf[ret] = '\0';
-      return 0;
-    }
 
-  if (__fxstat64 (_STAT_VER, fd, &st) < 0)
-    return errno;
+      /* Verify readlink result, fall back on iterating through devices.  */
+      if (buf[0] == '/'
+	  && __xstat64 (_STAT_VER, buf, &st1) == 0
+#ifdef _STATBUF_ST_RDEV
+	  && S_ISCHR (st1.st_mode)
+	  && st1.st_rdev == st.st_rdev
+#else
+	  && st1.st_ino == st.st_ino
+	  && st1.st_dev == st.st_dev
+#endif
+	  )
+	return 0;
+    }
 
   /* Prepare the result buffer.  */
   memcpy (buf, "/dev/pts/", sizeof ("/dev/pts/"));
-- 
2.11.4.GIT