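// CVE-2018-1000001 glibc realpath() buffer underflow
// getcwd(2) can return non-absolute paths, which glibc should reject
// from its getcwd(3) wrapper.
//
// Approach: intercept the getcwd INLINE_SYSCALL. If it returned a
// success but without a leading "/" in the path, overwrite the
// success with a failure rc.
//
// Knobs (override on the stap command line with -G, e.g. -G fix_p=1):
//   notify_p  print one line per offending getcwd plus a 60 s summary (default on)
//   kill_p    SIGKILL the offending process
//   fix_p     rewrite the local retval so the wrapper takes its failure path
//             (writing a target variable needs stap guru mode, -g)

global misscount
global hitcount
global kill_p = 0
global fix_p = 0
global notify_p = 1

// Statement probe placed right after glibc's INLINE_SYSCALL(getcwd, ...).
// $retval and $path are getcwd.c's locals at that line, not a .return
// probe's return value. The line number is tied to the glibc build this
// was written against; confirm it still lands just after the syscall
// before using it against another build.
probe process("/lib64/libc.so.6").statement("__getcwd@../sysdeps/unix/sysv/linux/getcwd.c:82")
{
  // Syscall reported success, yet the buffer does not start with '/' (ASCII 47).
  if ($retval >= 0 && $path[0] != 47 /* '/' */) {
    hitcount <<< 1;
    if (notify_p)
      printf("cve-2018-1000001 bandaid %s[%d] %s\n", execname(), tid(), $path$);
    if (kill_p)
      raise(9); /* SIGKILL */
    if (fix_p) {
      // Overwrite the success with a failure rc. errno is NOT set here
      // (see the disabled line below), so the caller sees a negative
      // retval with whatever errno value was already in place.
      $retval = -2; /* ENOENT */
      // @var("errno") = 2; <<<<<< need systemtap PR14013 for errno access
    }
  } else {
    // Every other outcome (absolute path, or a failed syscall) is a miss.
    misscount <<< 1;
  }
}

// Periodic heartbeat so an operator can tell the bandaid is loaded and
// whether it has fired; suppressed entirely when notify_p is 0.
probe timer.s(60) if (notify_p)
{
  printf("cve-2018-1000001 bandaid miss#%d hit#%d kill?%d fix?%d\n",
         @count(misscount), @count(hitcount), kill_p, fix_p)
}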