From bdfd8afae05965555600eb43d661d4c7686ebd68 Mon Sep 17 00:00:00 2001
From: Bruno Haible <bruno@clisp.org>
Date: Sat, 9 Apr 2011 20:59:16 +0200
Subject: [PATCH] careadlinkat: Guard against misuse of careadlinkatcwd.

* lib/careadlinkat.c: Include <stdlib.h>.
(careadlinkatcwd): Check that the fd argument is as expected.
---
 ChangeLog          |  6 ++++++
 lib/careadlinkat.c | 12 ++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 493144a7c7..8ea526d8da 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-04-09  Bruno Haible  <bruno@clisp.org>
+
+	careadlinkat: Guard against misuse of careadlinkatcwd.
+	* lib/careadlinkat.c: Include <stdlib.h>.
+	(careadlinkatcwd): Check that the fd argument is as expected.
+
 2011-04-09  Bruno Haible  <bruno@clisp.org>
 
 	careadlinkat: Use common coding style.
diff --git a/lib/careadlinkat.c b/lib/careadlinkat.c
index 95611f876c..e2909c766d 100644
--- a/lib/careadlinkat.c
+++ b/lib/careadlinkat.c
@@ -24,6 +24,7 @@
 
 #include <errno.h>
 #include <limits.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -39,14 +40,17 @@
 #include "allocator.h"
 
 #if ! HAVE_READLINKAT
-/* Ignore FD.  Get the symbolic link value of FILENAME and put it into
-   BUFFER, with size BUFFER_SIZE.  This function acts like readlink
-   but has readlinkat's signature.  */
+/* Get the symbolic link value of FILENAME and put it into BUFFER, with
+   size BUFFER_SIZE.  This function acts like readlink  but has
+   readlinkat's signature.  */
 ssize_t
 careadlinkatcwd (int fd, char const *filename, char *buffer,
                  size_t buffer_size)
 {
-  (void) fd;
+  /* FD must be AT_FDCWD here, otherwise the caller is using this
+     function in contexts for which it was not meant for.  */
+  if (fd != AT_FDCWD)
+    abort ();
   return readlink (filename, buffer, buffer_size);
 }
 #endif
-- 
2.30.2