[PATCH] Enforce NAME_MAX in readdir_r

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] Enforce NAME_MAX in readdir_r

Florian Weimer-5
This patch enforces the NAME_MAX limit in readdir_r.  The situation is
similar to getwd, realpath, and others with PATH_MAX—Linux does not
actually enforce the limit we've baked into the ABI.  User code does not
take this into account, so we have to check for the NAME_MAX limit and
skip large file names.  Error reporting is delayed until the end of the
directory, so that we do not truncate it on the first long name.

This patch supersedes the GETDENTS_64BIT_ALIGNED workaround for the
issue reported in bug 11333.  On architectures which define this macro,
the kernel-supplied string is sometimes truncated by glibc and not
properly NUL-terminated.  After the patch, we look at the actual string
length and check if it fits into the caller-supplied buffer.  This works
on all architectures, so the architecture-specific macro is no longer
necessary.

I did not touch readdir because it does not appear to be directly
harmful to return large names in that function because we manage the
buffer and the system call has a proper length check.

I regression-tested this on x86_64-redhat-linux-gnu.

--
Florian Weimer / Red Hat Product Security Team

readdir_-max.patch (94K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Enforce NAME_MAX in readdir_r

Siddhesh Poyarekar-3
You'll need to resubmit your patch.  It reverts all of H. J.'s hard
work.


Siddhesh
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Enforce NAME_MAX in readdir_r

Florian Weimer-5
On 10/12/2012 03:40 PM, Siddhesh Poyarekar wrote:
> You'll need to resubmit your patch.  It reverts all of H. J.'s hard
> work.

Yuck.  I picked the wrong file.  This should be the right one.

--
Florian Weimer / Red Hat Product Security Team

readdir_r-max.patch (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

[PING] [PATCH] Enforce NAME_MAX in readdir_r

Florian Weimer-5
In reply to this post by Florian Weimer-5
On 10/12/2012 03:21 PM, Florian Weimer wrote:

> This patch enforces the NAME_MAX limit in readdir_r.  The situation is
> similar to getwd, realpath, and others with PATH_MAX—Linux does not
> actually enforce the limit we've baked into the ABI.  User code does not
> take this into account, so we have to check for the NAME_MAX limit and
> skip large file names.  Error reporting is delayed until the end of the
> directory, so that we do not truncate it on the first long name.
>
> This patch supersedes the GETDENTS_64BIT_ALIGNED workaround for the
> issue reported in bug 11333.  On architectures which define this macro,
> the kernel-supplied string is sometimes truncated by glibc and not
> properly NUL-terminated.  After the patch, we look at the actual string
> length and check if it fits into the caller-supplied buffer.  This works
> on all architectures, so the architecture-specific macro is no longer
> necessary.
>
> I did not touch readdir because it does not appear to be directly
> harmful to return large names in that function because we manage the
> buffer and the system call has a proper length check.
>
> I regression-tested this on x86_64-redhat-linux-gnu.

Ping?

Patch is at: <http://sourceware.org/ml/libc-alpha/2012-10/msg00377.html>


--
Florian Weimer / Red Hat Product Security Team