diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-09-29 14:40:58 +0200 | 
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-09-29 15:28:35 +0200 | 
| commit | 893fa014de0f73337ff4a4c9c531d6789b72f5bf (patch) | |
| tree | 28c78bdea72bff0e109e095181a9c8b6cef6004f /src | |
| parent | 8083d486d0ac8e159b2d1294c8f6be7b11f9cab6 (diff) | |
Fix buffer overrun when enumerating files
https://bugs.freedesktop.org/show_bug.cgi?id=69887
Based-on-a-patch-by: Hans Petter Jansson <hpj@copyleft.no>
Diffstat (limited to 'src')
| -rw-r--r-- | src/shared/util.c | 79 | ||||
| -rw-r--r-- | src/test/test-util.c | 10 | 
2 files changed, 36 insertions, 53 deletions
| diff --git a/src/shared/util.c b/src/shared/util.c index 200955376e..fb42d663a6 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -4412,38 +4412,31 @@ int dirent_ensure_type(DIR *d, struct dirent *de) {  }  int in_search_path(const char *path, char **search) { -        char **i, *parent; +        char **i; +        _cleanup_free_ char *parent = NULL;          int r;          r = path_get_parent(path, &parent);          if (r < 0)                  return r; -        r = 0; - -        STRV_FOREACH(i, search) { -                if (path_equal(parent, *i)) { -                        r = 1; -                        break; -                } -        } - -        free(parent); +        STRV_FOREACH(i, search) +                if (path_equal(parent, *i)) +                        return 1; -        return r; +        return 0;  }  int get_files_in_directory(const char *path, char ***list) { -        DIR *d; -        int r = 0; -        unsigned n = 0; -        char **l = NULL; +        _cleanup_closedir_ DIR *d = NULL; +        size_t bufsize = 0, n = 0; +        _cleanup_strv_free_ char **l = NULL;          assert(path);          /* Returns all files in a directory in *list, and the number           * of files as return value. If list is NULL returns only the -         * number */ +         * number. */          d = opendir(path);          if (!d) @@ -4455,11 +4448,9 @@ int get_files_in_directory(const char *path, char ***list) {                  int k;                  k = readdir_r(d, &buf.de, &de); -                if (k != 0) { -                        r = -k; -                        goto finish; -                } - +                assert(k >= 0); +                if (k > 0) +                        return -k;                  if (!de)                          break; @@ -4469,43 +4460,25 @@ int get_files_in_directory(const char *path, char ***list) {                          continue;                  if (list) { -                        if ((unsigned) r >= n) { -                                char **t; - -                                n = MAX(16, 2*r); -                                t = realloc(l, sizeof(char*) * n); -                                if (!t) { -                                        r = -ENOMEM; -                                        goto finish; -                                } - -                                l = t; -                        } - -                        assert((unsigned) r < n); +                        /* one extra slot is needed for the terminating NULL */ +                        if (!GREEDY_REALLOC(l, bufsize, n + 2)) +                                return -ENOMEM; -                        l[r] = strdup(de->d_name); -                        if (!l[r]) { -                                r = -ENOMEM; -                                goto finish; -                        } +                        l[n] = strdup(de->d_name); +                        if (!l[n]) +                                return -ENOMEM; -                        l[++r] = NULL; +                        l[++n] = NULL;                  } else -                        r++; +                        n++;          } -finish: -        if (d) -                closedir(d); - -        if (r >= 0) { -                if (list) -                        *list = l; -        } else -                strv_free(l); +        if (list) { +                *list = l; +                l = NULL; /* avoid freeing */ +        } -        return r; +        return n;  }  char *strjoin(const char *x, ...) { diff --git a/src/test/test-util.c b/src/test/test-util.c index ad13d53de3..c5762ede4b 100644 --- a/src/test/test-util.c +++ b/src/test/test-util.c @@ -27,6 +27,7 @@  #include <errno.h>  #include "util.h" +#include "strv.h"  static void test_streq_ptr(void) {          assert_se(streq_ptr(NULL, NULL)); @@ -582,6 +583,14 @@ static void test_fstab_node_to_udev_node(void) {          free(n);  } +static void test_get_files_in_directory(void) { +        _cleanup_strv_free_ char **l = NULL, **t = NULL; + +        assert_se(get_files_in_directory("/tmp", &l) >= 0); +        assert_se(get_files_in_directory(".", &l) >= 0); +        assert_se(get_files_in_directory(".", NULL) >= 0); +} +  int main(int argc, char *argv[]) {          test_streq_ptr();          test_first_word(); @@ -618,6 +627,7 @@ int main(int argc, char *argv[]) {          test_parse_user_at_host();          test_split_pair();          test_fstab_node_to_udev_node(); +        test_get_files_in_directory();          return 0;  } | 
