Hm, yes, there is more wrong here. The returned name must be NUL-terminated.  
Attached is a patch.  Maybe we should replace the MIN() with a static assertion 
that IMFS_NAME_MAX < sizeof(((struct dirent *)0)->d_name).

----- Joel Sherrill <joel.sherr...@oarcorp.com> wrote:
> 
> 
> On 3/16/2015 1:18 PM, Sebastian Huber wrote:
> > Thanks for the fix, I checked it in.
> I commented on the commit. If there is a missing
> NULL at the readdir() point, that means that it
> wasn't put there at either creation or rename.
> 
> Sounds like this is a necessary patch but covering up
> what I think is a bug in both creation and rename since
> they don't appear to account for NULL.
> > _______________________________________________
> > devel mailing list
> > devel@rtems.org
> > http://lists.rtems.org/mailman/listinfo/devel
> 
> -- 
> Joel Sherrill, Ph.D.             Director of Research & Development
> joel.sherr...@oarcorp.com        On-Line Applications Research
> Ask me about RTEMS: a free RTOS  Huntsville AL 35805
> Support Available                (256) 722-9985

From b1f1076a8cec2940865c88bf3bf1e7b08239dc4d Mon Sep 17 00:00:00 2001
From: Sebastian Huber <sebastian.hu...@embedded-brains.de>
Date: Mon, 16 Mar 2015 20:28:20 +0100
Subject: [PATCH] IMFS: NUL-terminate name returned by readdir()

---
 cpukit/libfs/src/imfs/imfs_dir_default.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/cpukit/libfs/src/imfs/imfs_dir_default.c b/cpukit/libfs/src/imfs/imfs_dir_default.c
index 2f12072..b31a50e 100644
--- a/cpukit/libfs/src/imfs/imfs_dir_default.c
+++ b/cpukit/libfs/src/imfs/imfs_dir_default.c
@@ -19,6 +19,7 @@
 
 #include "imfs.h"
 
+#include <sys/param.h>
 #include <dirent.h>
 #include <string.h>
 
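Review bot: the added #include <sys/param.h> is needed for the MIN() used in IMFS_dir_read(), but nothing at the include says so. <sys/param.h> is a BSD-derived header rather than a standard C or POSIX one, so either add a short comment that it supplies MIN(), or drop the include again if the clamp is replaced by the static assertion proposed in the cover message.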
@@ -73,8 +74,10 @@ static ssize_t IMFS_dir_read(
          dir_ent->d_off = current_entry;
          dir_ent->d_reclen = sizeof( *dir_ent );
          dir_ent->d_ino = IMFS_node_to_ino( imfs_node );
-         dir_ent->d_namlen = imfs_node->namelen;
-         memcpy( dir_ent->d_name, imfs_node->name, dir_ent->d_namlen + 1 );
+         dir_ent->d_namlen =
+           MIN( imfs_node->namelen, sizeof( dir_ent->d_name ) - 1 );
+         dir_ent->d_name[ dir_ent->d_namlen ] = '\0';
+         memcpy( dir_ent->d_name, imfs_node->name, dir_ent->d_namlen );
 
          iop->offset += sizeof( *dir_ent );
          bytes_transferred += (ssize_t) sizeof( *dir_ent );
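Review bot: the MIN() clamp on d_namlen silently truncates any node name longer than sizeof( dir_ent->d_name ) - 1, so readdir() would hand back a name and a d_namlen that no longer match imfs_node->name and imfs_node->namelen, with no error reported. As the cover message suggests, a static assertion that IMFS_NAME_MAX < sizeof(((struct dirent *)0)->d_name) would turn that case into a build failure and let d_namlen be assigned from imfs_node->namelen directly. It would also read more naturally to do the memcpy() first and write the '\0' afterwards, and a one-line comment that the copy no longer relies on a terminator in imfs_node->name would record why the "+ 1" was dropped.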
-- 
2.1.4
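
Added example, not part of the original message or the RTEMS sources: the static-assertion variant suggested in the cover message, sketched on hypothetical stand-in types. The names demo_node, demo_dirent, demo_fill_dirent and the sizes are assumptions, as is the premise that the node stores its name without a terminating NUL.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the IMFS node and struct dirent (constructed sizes). */
#define DEMO_NAME_MAX    8     /* longest name a node may store */
#define DEMO_D_NAME_SIZE 16    /* size of the d_name array */

struct demo_node {
  char   name[DEMO_NAME_MAX];  /* assumed to be stored WITHOUT a terminating NUL */
  size_t namelen;
};

struct demo_dirent {
  size_t d_namlen;
  char   d_name[DEMO_D_NAME_SIZE];
};

/* Compile-time guarantee: every legal name plus its NUL fits into d_name. */
_Static_assert(
  DEMO_NAME_MAX < sizeof(((struct demo_dirent *)0)->d_name),
  "d_name too small for DEMO_NAME_MAX plus NUL"
);

/* Fill a directory entry; returns 0 on success, -1 if namelen is out of range. */
int demo_fill_dirent(struct demo_dirent *de, const struct demo_node *node)
{
  /* The static assertion covers the sizes; this covers a corrupted namelen. */
  if (node->namelen > DEMO_NAME_MAX)
    return -1;
  de->d_namlen = node->namelen;
  memcpy(de->d_name, node->name, node->namelen); /* exactly namelen bytes, no +1 */
  de->d_name[node->namelen] = '\0';              /* terminate explicitly */
  return 0;
}

/* Constructed case: maximum-length name with no NUL anywhere in the node. */
int demo_max_length_name(void)
{
  struct demo_node node;
  struct demo_dirent de;
  memset(&de, 'X', sizeof(de));                  /* poison to expose a missing NUL */
  memcpy(node.name, "abcdefgh", DEMO_NAME_MAX);
  node.namelen = DEMO_NAME_MAX;
  if (demo_fill_dirent(&de, &node) != 0)
    return -1;
  return strlen(de.d_name) == DEMO_NAME_MAX && de.d_namlen == DEMO_NAME_MAX;
}

int main(void) { return demo_max_length_name() == 1 ? 0 : 1; }
```

With the sizes checked at build time, the copy never has to truncate, and it reads only namelen bytes from the node, so it does not depend on creation or rename having stored a terminator.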
