From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-patches-return-408986-listarch-gcc-patches=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 80696 invoked by alias); 2 Oct 2015 12:52:40 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Received: (qmail 80674 invoked by uid 89); 2 Oct 2015 12:52:40 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-Spam-User: qpsmtpd, 2 recipients
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Fri, 02 Oct 2015 12:52:39 +0000
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])	by mx1.redhat.com (Postfix) with ESMTPS id 8C5303B3C2;	Fri,  2 Oct 2015 12:52:37 +0000 (UTC)
Received: from oldenburg.str.redhat.com (ovpn-204-25.brq.redhat.com [10.40.204.25])	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t92CqYON018209	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);	Fri, 2 Oct 2015 08:52:36 -0400
Subject: Re: [patch] libstdc++/67747 Allocate space for dirent::d_name
To: Sebastian Huber <sebastian.huber@embedded-brains.de>,        libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org
References: <20150929113726.GU12094@redhat.com> <560E759E.2000005@redhat.com> <560E7A97.3020108@embedded-brains.de>
From: Florian Weimer <fweimer@redhat.com>
Message-ID: <560E7E12.4010101@redhat.com>
Date: Fri, 02 Oct 2015 12:52:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <560E7A97.3020108@embedded-brains.de>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
X-SW-Source: 2015-10/txt/msg00207.txt.bz2

On 10/02/2015 02:37 PM, Sebastian Huber wrote:
> 
> 
> On 02/10/15 14:16, Florian Weimer wrote:
>> On 09/29/2015 01:37 PM, Jonathan Wakely wrote:
>>> >POSIX says that dirent::d_name has an unspecified length, so calls to
>>> >readdir_r must pass a buffer with enough trailing space for
>>> >{NAME_MAX}+1 characters. I wasn't doing that, which works OK on
>>> >GNU/Linux and BSD where d_name is a large array, but fails on Solaris
>>> >32-bit.
>>> >
>>> >This uses pathconf to get NAME_MAX and allocates a buffer.
>> This still has a buffer overflow on certain file systems.
>>
>> You must not use readdir_r, it is deprecated and always insecure.  We
>> should probably mark it as such in the glibc headers.
> 
> The READDIR(3) man page should be updated as well, since it doesn't
> mention that readdir_r() is deprecated and always insecure.

Right, and I filed: https://bugzilla.kernel.org/show_bug.cgi?id=105391

Florian