cvs commit: src/lib/libc/gen readdir.c

Joerg Sonnenberger joerg at britannica.bec.de
Wed Aug 3 10:02:20 PDT 2005


On Wed, Aug 03, 2005 at 09:54:50AM -0700, Matthew Dillon wrote:
> 
> :On Wed, Aug 03, 2005 at 08:55:02AM -0700, Matthew Dillon wrote:
> :> 
> :> :On Tue, Aug 02, 2005 at 09:26:30AM -0700, Joerg Sonnenberger wrote:
> :> :> joerg       2005/08/02 09:26:30 PDT
> :> :> 
> :> :> DragonFly src repository
> :> :> 
> :> :>   Modified files:
> :> :>     lib/libc/gen         readdir.c 
> :> :>   Log:
> :> :>   Readd fix for FreeBSD PR/30631.
> :> :>   
> :> :>   No-cookie-for: David Rhodus
> :> :>   
> :> :>   Revision  Changes    Path
> :> :>   1.5       +2 -2      src/lib/libc/gen/readdir.c
> :> :> 
> :> :> 
> :> :> http://www.dragonflybsd.org/cvsweb/src/lib/libc/gen/readdir.c.diff?r1=1.4&r2=1.5&f=u
> :> :
> :> :Matt,
> :> :Any objection to an instant MFC?
> :> :
> :> :Joerg
> :> 
> :>     It looks fine, but the original code wasn't 'broken' per se, relative
> :>     to how it was being used, so give it a week before you MFC.
> :
> :Well, given how often I received segfaults from Perl over the last
> :month, it was definitely broken :-)
> :
> :Joerg
> 
>     What is Perl doing that would cause this?  It should have no idea what
>     the size of the directory entry is so it ought to be providing a 
>     fully-sized dirent structure.  If it isn't, then there is likely a 
>     security issue that long filenames may trigger.

It's reading over the end of the buffer. That's what this patch fixes.
Check out the PR for the details, but basically you can hit it when
reading large directories.

Joerg




