careadlinkat: Guard against misuse of careadlinkatcwd.

* lib/careadlinkat.c: Include <stdlib.h>.
(careadlinkatcwd): Check that the fd argument is as expected.

diff --git a/ChangeLog b/ChangeLog
index 493144a7c7c6634f6d59d650d6e4131f35da7aa8..8ea526d8dae0c300b5c2195d3956878cc42f6e4f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-04-09  Bruno Haible  <bruno@clisp.org>
+
+       careadlinkat: Guard against misuse of careadlinkatcwd.
+       * lib/careadlinkat.c: Include <stdlib.h>.
+       (careadlinkatcwd): Check that the fd argument is as expected.
+
 2011-04-09  Bruno Haible  <bruno@clisp.org>
 
        careadlinkat: Use common coding style.

diff --git a/lib/careadlinkat.c b/lib/careadlinkat.c
index 95611f876c454fd4fb9dc81036394ecb0b826321..e2909c766d5f1969d42b415499f90139e8d9f7aa 100644 (file)
--- a/lib/careadlinkat.c
+++ b/lib/careadlinkat.c
@@ -24,6 +24,7 @@
 
 #include <errno.h>
 #include <limits.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -39,14 +40,17 @@
 #include "allocator.h"
 
 #if ! HAVE_READLINKAT
-/* Ignore FD.  Get the symbolic link value of FILENAME and put it into
-   BUFFER, with size BUFFER_SIZE.  This function acts like readlink
-   but has readlinkat's signature.  */
+/* Get the symbolic link value of FILENAME and put it into BUFFER, with
+   size BUFFER_SIZE.  This function acts like readlink  but has
+   readlinkat's signature.  */
 ssize_t
 careadlinkatcwd (int fd, char const *filename, char *buffer,
                  size_t buffer_size)
 {
-  (void) fd;
+  /* FD must be AT_FDCWD here, otherwise the caller is using this
+     function in contexts for which it was not meant for.  */
+  if (fd != AT_FDCWD)
+    abort ();
   return readlink (filename, buffer, buffer_size);
 }
 #endif