Full Disclosure mailing list archives
Re: readdir_r considered harmful
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 1 Nov 2005 14:12:05 +0300
Dear Ben Hutchings,

If someone uses pathconf to determine buffer size it's his own problem and he creates the vulnerability himself. You can list such applications as vulnerable to race conditions.

The recommended (according to POSIX) way is to use NAME_MAX:

    buf = (struct dirent *)malloc(
        offsetof(struct dirent, d_name) + NAME_MAX + 1);

See: The GNU C Library Reference Manual, Chapter 14

and the POSIX standard itself also says:

    The storage pointed to by entry shall be large enough for a dirent
    with an array of char d_name members containing at least
    {NAME_MAX}+1 elements.

See: http://www.opengroup.org/onlinepubs/009695399/functions/readdir.html

NAME_MAX is defined in limits.h and should be 255 according to the latest POSIX extension. I see no problem with the POSIX standard in this case.

See: http://www.opengroup.org/onlinepubs/009695399/basedefs/limits.h.html

--Tuesday, November 1, 2005, 6:57:03 AM, you wrote to bugtraq () securityfocus com:

BH> readdir_r considered harmful
BH> ============================

BH>     if ((dir = opendir(argv[1]))
BH>         && (name_max = pathconf(argv[1], _PC_NAME_MAX)) > 0
BH>         && (buf = (struct dirent *)malloc(
BH>                 offsetof(struct dirent, d_name) + name_max + 1))

--
~/ZARAZA
http://www.security.nnov.ru/