[PATCH v2] Add bounds checking to sys_getdents, sys_getdents64

Mike Frysinger vapier at gentoo.org
Mon Aug 4 02:30:35 UTC 2014


On Mon 04 Aug 2014 07:42:57 zubin.mithra at gmail.com wrote:
> From: Zubin Mithra <zubin.mithra at gmail.com>
> 
> * file.c (sys_getdents): Add d_reclen check.
> (sys_getdents64): Add d_reclen check.
> 
> Signed-off-by: Zubin Mithra <zubin.mithra at gmail.com>
> ---
>  file.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/file.c b/file.c
> index a92a7dc..0934ce1 100644
> --- a/file.c
> +++ b/file.c
> @@ -2076,6 +2076,10 @@ sys_getdents(struct tcb *tcp)
>  				i ? " " : "", d->d_ino, d->d_off);
>  			tprintf("d_reclen=%u, d_name=\"%s\", d_type=",
>  				d->d_reclen, d->d_name);
> +			if (i + d->d_reclen >= len) {
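Review bot: the added `if (i + d->d_reclen >= len)` test comes after the tprintf that already prints d->d_reclen and d->d_name with "%s", so the current record is read and its name is walked to a NUL before the length is validated. Consider moving the check ahead of that tprintf, or bounding the name with a precision such as "%.*s" derived from the remaining bytes. Separately, the comparison is `>=`, so a final record that ends exactly at len also takes this branch; if the branch is meant only for malformed entries, `>` looks like the intended test. The body of the branch is not quoted here, so what it does with such a record cannot be checked from these lines.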

i don't think we have to worry about integer overflow as d_reclen is normally 
a short.  as such, this LGTM.  thanks !

Acked-by: Mike Frysinger <vapier at gentoo.org>
-mike