On 02/10/15 14:16, Florian Weimer wrote:
> On 09/29/2015 01:37 PM, Jonathan Wakely wrote:
>> POSIX says that dirent::d_name has an unspecified length, so calls to
>> readdir_r must pass a buffer with enough trailing space for
>> {NAME_MAX}+1 characters. I wasn't doing that, which works OK on
>> GNU/Linux and BSD where d_name is a large array, but fails on Solaris
>> 32-bit.
>>
>> This uses pathconf to get NAME_MAX and allocates a buffer.
>
> This still has a buffer overflow on certain file systems. You must not use readdir_r, it is deprecated and always insecure. We should probably mark it as such in the glibc headers.

The READDIR(3) man page should be updated as well, since it doesn't mention that readdir_r() is deprecated and always insecure.

--
Sebastian Huber, embedded brains GmbH
Address : Dornierstr. 4, D-82178 Puchheim, Germany
Phone : +49 89 189 47 41-16
Fax : +49 89 189 47 41-09
E-Mail : [email protected]
PGP : Public key available on request.
This message is not a business communication within the meaning of the EHUG.
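
An added illustration, not part of the messages above and not code from the patch they discuss: a directory listing that avoids `readdir_r` and the `pathconf`/`NAME_MAX` buffer sizing altogether by using `readdir()` and sizing each copy from the name actually returned. The helper name `read_names` is hypothetical, and the code assumes each `DIR` stream is used by a single thread.

```c
#define _POSIX_C_SOURCE 200809L   /* strdup() */
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not from the thread: collect directory entry names
 * with readdir(). Every copy is sized from the name itself (strdup), so no
 * NAME_MAX / pathconf() estimate is needed. Assumes the DIR stream is used
 * by one thread only. Returns 0 and fills *out / *n, or -1 with errno set. */
int read_names(const char *path, char ***out, size_t *n)
{
    char **names = NULL;
    size_t count = 0;
    DIR *d = opendir(path);
    if (!d)
        return -1;
    for (;;) {
        errno = 0;                 /* NULL is EOF or error; errno says which */
        struct dirent *e = readdir(d);
        if (!e)
            break;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        char **grown = realloc(names, (count + 1) * sizeof *names);
        if (!grown) { errno = ENOMEM; break; }
        names = grown;
        if (!(names[count] = strdup(e->d_name))) { errno = ENOMEM; break; }
        count++;
    }
    int err = errno;               /* save before closedir() can change it */
    closedir(d);
    if (err) {                     /* drop the partial list on failure */
        while (count) free(names[--count]);
        free(names);
        errno = err;
        return -1;
    }
    *out = names;
    *n = count;
    return 0;
}

int main(int argc, char **argv)
{
    char **names; size_t n;
    if (read_names(argc > 1 ? argv[1] : ".", &names, &n) != 0) { perror("read_names"); return 1; }
    for (size_t i = 0; i < n; i++) { printf("%zu %s\n", strlen(names[i]), names[i]); free(names[i]); }
    free(names);
    return 0;
}
```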
