From 8bb9c4bca207462b44f22e993a007bad7e175077 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Tue, 17 May 2022 21:48:50 -0500
Subject: [PATCH] Security: The realpath() calls malloc() and free() is not called (memory leak).

I change the code and didn't realize that realpath() conditionally calls malloc(). When I change th code to pass a variable initialized to 0, I ended up triggering realpath() to call malloc(). This results in a memory leak. Instead, pass a statically allocated array.
---
 level_0/f_path/c/private-path.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/level_0/f_path/c/private-path.c b/level_0/f_path/c/private-path.c
index c41f454..8ef4fed 100644
--- a/level_0/f_path/c/private-path.c
+++ b/level_0/f_path/c/private-path.c
@@ -8,9 +8,14 @@ extern "C" {
 #if !defined(_di_f_path_current_) || !defined(_di_f_path_real_)
 f_status_t private_f_path_real(const char *path, f_string_dynamic_t * const real) {
- char *buffer = realpath(path, buffer);
+ // Use a static array so that realpath() does not call malloc().
+ char temporary[PATH_MAX];
- if (buffer == 0) {
+ memset(temporary, 0, sizeof(char) * F_path_length_max_d);
+
+ char * const buffer = realpath(path, temporary);
+
+ if (!buffer) {
 if (errno == EACCES) return F_status_set_error(F_access_denied);
 if (errno == EINVAL) return F_status_set_error(F_parameter);
 if (errno == EIO) return F_status_set_error(F_input_output);
-- 
1.8.3.1
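Review bot: The added `memset` clears `sizeof(char) * F_path_length_max_d` bytes, but `temporary` is declared with `PATH_MAX` elements, so the two sizes are tied only by convention. The definition of `F_path_length_max_d` is not visible in this hunk; if it is ever larger than `PATH_MAX`, the call writes past the end of the stack array. Taking the size from the object removes the dependency: `memset(temporary, 0, sizeof(temporary));`, or declare the array as `char temporary[F_path_length_max_d];` if that is the intended bound. The comment could also say "caller-supplied stack buffer" rather than "static array", since the array is automatic, not `static`. The body of `private_f_path_real` continues past the end of the hunk, so how `buffer` is copied into `real` is not reviewed here.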