kern/117010: [linux] linux_getdents() get something like buffer overflow
Alexander Leidinger
Alexander at Leidinger.net
Mon Jul 28 11:37:23 UTC 2008
Quoting "Roman Divacky" <rdivacky at freebsd.org> (from Mon, 28 Jul 2008 12:27:15 +0200):
>
> [snip of technical discussion]
>
> while I agree with the attitude that it should be fixed properly, we are
> in a situation where a simple patch fixes a problem. And the fix is correct.
>
> I think we should just commit Dmitry's patch and then talk about how
> to change linux_getdents() further. I looked at the Linux code and the
> alignment is really +2 for 32-bit and +1 for 64-bit, as Dmitry's patch does.
That's not the alignment, that's some simple but mandatory padding (a
comment should be written there about what this is: for the "1" it's the
null byte of the name; for the second "1" (in the case of using "2"),
I don't know yet what it is). I haven't checked yet if the size
calculation (which has the wrong macro name ALIGN; it doesn't align,
it is just used in the align process) does the right thing on 64-bit
(padding to a 64-bit boundary, so that the next entry starts at a 64-bit
boundary = alignment of the structure).
> do you guys agree that fixing the problem the simplest/fastest way
> now and then changing other things is the correct way?
It may fix the problem of some specific test cases, but I'm not sure
it fixes all use cases. I see this as a partial fix to allow people to
do some more tests in other areas of the linuxulator while someone is
looking into a complete fix. I don't object if you commit it, but
don't think dirent is bug-free after this (I would call it a temporary
workaround).
Bye,
Alexander.
--
A day without sunshine ....
is like ... night!
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
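The size and padding question discussed in this message is easy to get wrong, so here is an added example in C (written for this page; it is not code from the thread, from FreeBSD's linuxulator or from Linux). It assumes a hypothetical record layout of 64-bit inode and offset fields, a 16-bit record length and a trailing name; the `extra` argument (1 or 2) stands for the mandatory trailing bytes the thread talks about, and the rounding step shows what the misnamed ALIGN really does: pad the record so the next one starts on the structure's alignment. The fill routine refuses any entry that would not fit in the remaining buffer, and the validator walks the result checking the invariants a consumer of the buffer relies on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout for this example (not the Linux or linuxulator
 * struct): 64-bit inode and offset, 16-bit record length, then the name. */
struct example_dirent {
    uint64_t d_ino;
    int64_t  d_off;
    uint16_t d_reclen;   /* total bytes of this record, padding included */
    char     d_name[];   /* NUL-terminated name, then zero padding */
};

#define RECORD_ALIGN sizeof(uint64_t)                        /* struct alignment */
#define HEADER_LEN   offsetof(struct example_dirent, d_name) /* 18 bytes here */

/* Bytes one record occupies. `extra` is the mandatory trailing byte count:
 * 1 for the name's NUL terminator, 2 when one more byte is stored after it
 * (the "+1" and "+2" the thread discusses). The final step rounds the total
 * up to RECORD_ALIGN so the *next* record starts aligned; this is the padding
 * step the thread says is misleadingly named ALIGN. */
static size_t dirent_reclen(size_t namelen, size_t extra)
{
    size_t n = HEADER_LEN + namelen + extra;
    return (n + RECORD_ALIGN - 1) & ~(RECORD_ALIGN - 1);
}

/* Append one record at buf+used. Returns the record length written, or 0 when
 * it would not fit. The bounds check precedes every write; skipping it is how
 * a getdents-style fill loop overruns the caller's buffer.
 * buf must be RECORD_ALIGN-aligned and hold buflen bytes. */
static size_t dirent_emit(unsigned char *buf, size_t buflen, size_t used,
                          uint64_t ino, int64_t off, const char *name,
                          size_t extra, unsigned char trailer)
{
    size_t namelen = strlen(name);
    size_t reclen  = dirent_reclen(namelen, extra);
    if (used > buflen || reclen > buflen - used || reclen > UINT16_MAX)
        return 0;
    struct example_dirent *d = (struct example_dirent *)(buf + used);
    d->d_ino = ino;
    d->d_off = off;
    d->d_reclen = (uint16_t)reclen;
    memcpy(d->d_name, name, namelen);
    /* Zero the NUL and padding so no stale bytes reach the caller, then set
     * the optional trailer byte in the record's last position. */
    memset(d->d_name + namelen, 0, reclen - HEADER_LEN - namelen);
    if (extra == 2)
        buf[used + reclen - 1] = trailer;
    return reclen;
}

/* Fill buf from a name list, stopping at the first entry that does not fit.
 * Returns the record count; *out_used receives the bytes consumed. */
static int fill_buffer(unsigned char *buf, size_t buflen, const char *const *names,
                       int n, size_t extra, size_t *out_used)
{
    size_t used = 0;
    int count = 0;
    for (int i = 0; i < n; i++) {
        size_t w = dirent_emit(buf, buflen, used, 1000 + (uint64_t)i, i + 1,
                               names[i], extra, 0);
        if (w == 0)
            break;
        used += w;
        count++;
    }
    *out_used = used;
    return count;
}

/* Walk a filled buffer as a consumer would: every record starts aligned, its
 * d_reclen stays inside the buffer, and its name is NUL-terminated within the
 * record. Returns the record count, or -1 on the first violation. */
static int validate_buffer(const unsigned char *buf, size_t used)
{
    size_t pos = 0;
    int count = 0;
    while (pos < used) {
        if (pos % RECORD_ALIGN != 0 || used - pos < HEADER_LEN)
            return -1;
        const struct example_dirent *d = (const struct example_dirent *)(buf + pos);
        if (d->d_reclen <= HEADER_LEN || d->d_reclen > used - pos ||
            memchr(d->d_name, '\0', d->d_reclen - HEADER_LEN) == NULL)
            return -1;
        pos += d->d_reclen;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed listing; the last name does not fit in the 64-byte buffer. */
    static const char *const names[] = { "a", "bb", "a-longer-name-here" };
    static uint64_t storage[8];
    unsigned char *buf = (unsigned char *)storage;
    size_t used;
    int n = fill_buffer(buf, sizeof storage, names, 3, 1, &used);
    printf("%d records, %zu bytes, validate=%d\n", n, used, validate_buffer(buf, used));
    return 0;
}
```

The `extra` values are only parameters here; what the second byte holds in the real code is left open in the thread, so the example simply stores a caller-supplied trailer byte in that position. Note that the record length is rounded after adding the trailing bytes, not before, which is what makes the next record land on an 8-byte boundary.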