This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.16-ports-merge-477-g172a631
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 16 Oct 2012 08:34:47 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.16-ports-merge-477-g172a631
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 172a631a1fc8ec8fcef80af1f91438d092957c3e (commit)
from e9f372520618161d7d73e028ca23818e83b88bbc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=172a631a1fc8ec8fcef80af1f91438d092957c3e
commit 172a631a1fc8ec8fcef80af1f91438d092957c3e
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Oct 16 10:33:50 2012 +0200
__alloc_dir: avoid integer overflow in malloc argument
diff --git a/ChangeLog b/ChangeLog
index 0c05941..8e83c46 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-10-16 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #14700]
+ * sysdeps/posix/opendir.c (MAX_DIR_BUFFER_SIZE): New constant.
+ (__alloc_dir): Limit buffer to MAX_DIR_BUFFER_SIZE.
+
2012-10-16 Maxim Kuvyrkov <maxim@codesourcery.com>
* NEWS: Mention BZ #14716.
diff --git a/sysdeps/posix/opendir.c b/sysdeps/posix/opendir.c
index e093142..f1cc1ae 100644
--- a/sysdeps/posix/opendir.c
+++ b/sysdeps/posix/opendir.c
@@ -1,5 +1,4 @@
-/* Copyright (C) 1991-1996,98,2000-2003,2005,2007,2009,2011
- Free Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -33,6 +32,11 @@
#include <not-cancel.h>
#include <kernel-features.h>
+/* The st_blksize value of the directory is used as a hint for the
+ size of the buffer which receives struct dirent values from the
+ kernel. st_blksize is limited to MAX_DIR_BUFFER_SIZE, in case the
+ file system provides a bogus value. */
+#define MAX_DIR_BUFFER_SIZE 1048576U
/* opendir() must not accidentally open something other than a directory.
Some OS's have kernel support for that, some don't. In the worst
@@ -192,8 +196,11 @@ __alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
? sizeof (struct dirent64) : BUFSIZ);
size_t allocation = default_allocation;
#ifdef _STATBUF_ST_BLKSIZE
- if (statp != NULL && default_allocation < statp->st_blksize)
- allocation = statp->st_blksize;
+ /* Increase allocation if requested, but not if the value appears to
+ be bogus. */
+ if (statp != NULL)
+ allocation = MIN (MAX ((size_t) statp->st_blksize, default_allocation),
+ MAX_DIR_BUFFER_SIZE);
#endif
DIR *dirp = (DIR *) malloc (sizeof (DIR) + allocation);
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 6 ++++++
sysdeps/posix/opendir.c | 15 +++++++++++----
2 files changed, 17 insertions(+), 4 deletions(-)
hooks/post-receive
--
GNU C Library master sources