From fd85f7ccb6d0d60bd693f4699d021caba3d4e5b2 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 16 Apr 2025 09:50:16 -0400 Subject: [PATCH] base: parse_plist_config CFReadStreamCreateWithFile fail errors If parse_plist_config() is called with a non-absolute path which is defined as a path whose first character is not '/', then CFReadStreamCreateWithFile() must determine the current working directory in order to return a CFURLRef to an absolute path. If getcwd() fails, then CFReadStreamCreateWithFile() returns NULL. Instead of unconditionally returning ENOMEM when NULL is returned, check if the path is non-absolute and call getcwd(). If getcwd() fails, return errno. Otherwise, return ENOMEM. This permits ENOENT (a component of the pathname no longer exists) or EACCES (read or search permission was denied for a component of the pathname) to be returned as the reason. ENOMEM is a fatal error when constructing the configuration for krb5_init_context() whereas ENOENT and EACCES are not fatal. Without this patch on macOS, if the cwd is in /afs and the user's tokens have expired, then krb5_init_context() fails with ENOMEM (12). user@MacBookAir user % ~/src/heimdal/kuser/heimtools klist shell-init: error retrieving current directory: \ getcwd: cannot access parent directories: Permission denied chdir: error retrieving current directory: \ getcwd: cannot access parent directories: Permission denied heimtools: krb5_init_context failed: 12 With this change krb5_init_context() succeeds. --- lib/base/config_file.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/base/config_file.c b/lib/base/config_file.c index b1675ea5f..e23c3391f 100644 --- a/lib/base/config_file.c +++ b/lib/base/config_file.c @@ -312,6 +312,11 @@ parse_plist_config(heim_context context, const char *path, heim_config_section * CFRelease(url); if (s == NULL) { heim_clear_error_message(context); + if (path[0] != '/') { + char cwd[PATH_MAX]; + if (getcwd(cwd, sizeof(cwd)) == NULL) + return errno; + } return ENOMEM; }