Date: Mon, 26 Nov 2018 14:01:05 +0000 (UTC) From: Mark Johnston <markj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r340970 - in stable/12/sys: cddl/contrib/opensolaris/uts/common/fs/zfs fs/autofs fs/cd9660 fs/devfs fs/ext2fs fs/fdescfs fs/fuse fs/msdosfs fs/nandfs fs/nfsclient fs/pseudofs fs/smbfs f... Message-ID: <201811261401.wAQE15tF004718@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: markj Date: Mon Nov 26 14:01:05 2018 New Revision: 340970 URL: https://svnweb.freebsd.org/changeset/base/340970 Log: MFC r340787 (by rmacklem), r340856, r340859: Ensure that directory entry padding bytes are zeroed. Modified: stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c stable/12/sys/fs/autofs/autofs_vnops.c stable/12/sys/fs/cd9660/cd9660_vnops.c stable/12/sys/fs/devfs/devfs_devs.c stable/12/sys/fs/ext2fs/ext2_lookup.c stable/12/sys/fs/fdescfs/fdesc_vnops.c stable/12/sys/fs/fuse/fuse_internal.c stable/12/sys/fs/msdosfs/msdosfs_vnops.c stable/12/sys/fs/nandfs/nandfs_vnops.c stable/12/sys/fs/nfsclient/nfs_clrpcops.c stable/12/sys/fs/pseudofs/pseudofs_vnops.c stable/12/sys/fs/smbfs/smbfs_io.c stable/12/sys/fs/tmpfs/tmpfs_subr.c stable/12/sys/fs/tmpfs/tmpfs_vfsops.c stable/12/sys/fs/tmpfs/tmpfs_vnops.c stable/12/sys/fs/udf/udf_vnops.c stable/12/sys/kern/uipc_mqueue.c stable/12/sys/kern/vfs_export.c stable/12/sys/sys/dirent.h stable/12/sys/ufs/ufs/ufs_vnops.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c ============================================================================== --- stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c Mon Nov 26 14:01:05 2018 (r340970) @@ -262,9 +262,9 @@ sfs_readdir_common(uint64_t parent_id, uint64_t id, st entry.d_fileno = id; entry.d_type = DT_DIR; entry.d_name[0] = '.'; - entry.d_name[1] = '\0'; entry.d_namlen = 1; entry.d_reclen = sizeof(entry); + dirent_terminate(&entry); error = vfs_read_dirent(ap, &entry, uio->uio_offset); if (error != 0) return (SET_ERROR(error)); @@ -277,9 +277,9 @@ sfs_readdir_common(uint64_t parent_id, uint64_t id, st entry.d_type = DT_DIR; entry.d_name[0] = '.'; entry.d_name[1] = '.'; - entry.d_name[2] = '\0'; entry.d_namlen = 2; entry.d_reclen = sizeof(entry); + dirent_terminate(&entry); error = vfs_read_dirent(ap, &entry, uio->uio_offset); if (error != 0) return (SET_ERROR(error)); @@ -694,6 +694,7 @@ zfsctl_root_readdir(ap) strcpy(entry.d_name, node->snapdir->sn_name); entry.d_namlen = strlen(entry.d_name); entry.d_reclen = sizeof(entry); + dirent_terminate(&entry); error = vfs_read_dirent(ap, &entry, uio->uio_offset); if (error != 0) { if (error == ENAMETOOLONG) @@ -1099,6 +1100,7 @@ zfsctl_snapdir_readdir(ap) entry.d_reclen = sizeof(entry); /* NOTE: d_off is the offset for the *next* entry. */ entry.d_off = cookie + dots_offset; + dirent_terminate(&entry); error = vfs_read_dirent(ap, &entry, uio->uio_offset); if (error != 0) { if (error == ENAMETOOLONG) Modified: stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c ============================================================================== --- stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -2547,6 +2547,7 @@ zfs_readdir(vnode_t *vp, uio_t *uio, cred_t *cr, int * next = &odp->d_off; (void) strlcpy(odp->d_name, zap.za_name, odp->d_namlen + 1); odp->d_type = type; + dirent_terminate(odp); odp = (dirent64_t *)((intptr_t)odp + reclen); } outcount += reclen; Modified: stable/12/sys/fs/autofs/autofs_vnops.c ============================================================================== --- stable/12/sys/fs/autofs/autofs_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/autofs/autofs_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> +#include <sys/systm.h> #include <sys/kernel.h> #include <sys/condvar.h> #include <sys/dirent.h> @@ -44,7 +45,6 @@ __FBSDID("$FreeBSD$"); #include <sys/namei.h> #include <sys/signalvar.h> #include <sys/stat.h> -#include <sys/systm.h> #include <sys/taskqueue.h> #include <sys/tree.h> #include <sys/vnode.h> @@ -354,14 +354,11 @@ autofs_readdir_one(struct uio *uio, const char *name, size_t *reclenp) { struct dirent dirent; - size_t namlen, padded_namlen, reclen; + size_t namlen, reclen; int error; namlen = strlen(name); - padded_namlen = roundup2(namlen + 1, __alignof(struct dirent)); - KASSERT(padded_namlen <= MAXNAMLEN, ("%zd > MAXNAMLEN", padded_namlen)); - reclen = offsetof(struct dirent, d_name) + padded_namlen; - + reclen = _GENERIC_DIRLEN(namlen); if (reclenp != NULL) *reclenp = reclen; @@ -376,7 +373,7 @@ autofs_readdir_one(struct uio *uio, const char *name, dirent.d_type = DT_DIR; dirent.d_namlen = namlen; memcpy(dirent.d_name, name, namlen); - memset(dirent.d_name + namlen, 0, padded_namlen - namlen); + dirent_terminate(&dirent); error = uiomove(&dirent, reclen, uio); return (error); Modified: stable/12/sys/fs/cd9660/cd9660_vnops.c ============================================================================== --- stable/12/sys/fs/cd9660/cd9660_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/cd9660/cd9660_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -380,8 +380,8 @@ iso_uiodir(idp,dp,off) { int error; - dp->d_name[dp->d_namlen] = 0; dp->d_reclen = GENERIC_DIRSIZ(dp); + dirent_terminate(dp); if (idp->uio->uio_resid < dp->d_reclen) { idp->eofflag = 0; Modified: stable/12/sys/fs/devfs/devfs_devs.c ============================================================================== --- stable/12/sys/fs/devfs/devfs_devs.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/devfs/devfs_devs.c Mon Nov 26 14:01:05 2018 (r340970) @@ -226,7 +226,7 @@ devfs_newdirent(char *name, int namelen) de->de_dirent->d_namlen = namelen; de->de_dirent->d_reclen = GENERIC_DIRSIZ(&d); bcopy(name, de->de_dirent->d_name, namelen); - de->de_dirent->d_name[namelen] = '\0'; + dirent_terminate(de->de_dirent); vfs_timestamp(&de->de_ctime); de->de_mtime = de->de_atime = de->de_ctime; de->de_links = 1; Modified: stable/12/sys/fs/ext2fs/ext2_lookup.c ============================================================================== --- stable/12/sys/fs/ext2fs/ext2_lookup.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/ext2fs/ext2_lookup.c Mon Nov 26 14:01:05 2018 (r340970) @@ -223,9 +223,9 @@ ext2_readdir(struct vop_readdir_args *ap) dstdp.d_fileno = dp->e2d_ino; dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); bcopy(dp->e2d_name, dstdp.d_name, dstdp.d_namlen); - dstdp.d_name[dstdp.d_namlen] = '\0'; /* NOTE: d_off is the offset of the *next* entry. */ dstdp.d_off = offset + dp->e2d_reclen; + dirent_terminate(&dstdp); if (dstdp.d_reclen > uio->uio_resid) { if (uio->uio_resid == startresid) error = EINVAL; Modified: stable/12/sys/fs/fdescfs/fdesc_vnops.c ============================================================================== --- stable/12/sys/fs/fdescfs/fdesc_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/fdescfs/fdesc_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -561,8 +561,8 @@ fdesc_readdir(struct vop_readdir_args *ap) dp->d_namlen = i + 1; dp->d_reclen = UIO_MX; bcopy("..", dp->d_name, dp->d_namlen); - dp->d_name[i + 1] = '\0'; dp->d_type = DT_DIR; + dirent_terminate(dp); break; default: if (fdp->fd_ofiles[fcnt].fde_file == NULL) @@ -572,6 +572,7 @@ fdesc_readdir(struct vop_readdir_args *ap) dp->d_type = (fmp->flags & FMNT_LINRDLNKF) == 0 ? DT_CHR : DT_LNK; dp->d_fileno = i + FD_DESC; + dirent_terminate(dp); break; } /* NOTE: d_off is the offset of the *next* entry. */ Modified: stable/12/sys/fs/fuse/fuse_internal.c ============================================================================== --- stable/12/sys/fs/fuse/fuse_internal.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/fuse/fuse_internal.c Mon Nov 26 14:01:05 2018 (r340970) @@ -357,7 +357,7 @@ fuse_internal_readdir_processdata(struct uio *uio, memcpy((char *)cookediov->base + sizeof(struct dirent) - MAXNAMLEN - 1, (char *)buf + FUSE_NAME_OFFSET, fudge->namelen); - ((char *)cookediov->base)[bytesavail - 1] = '\0'; + dirent_terminate(de); err = uiomove(cookediov->base, cookediov->len, uio); if (err) { Modified: stable/12/sys/fs/msdosfs/msdosfs_vnops.c ============================================================================== --- stable/12/sys/fs/msdosfs/msdosfs_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/msdosfs/msdosfs_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -1550,16 +1550,18 @@ msdosfs_readdir(struct vop_readdir_args *ap) switch (n) { case 0: dirbuf.d_namlen = 1; - strcpy(dirbuf.d_name, "."); + dirbuf.d_name[0] = '.'; break; case 1: dirbuf.d_namlen = 2; - strcpy(dirbuf.d_name, ".."); + dirbuf.d_name[0] = '.'; + dirbuf.d_name[1] = '.'; break; } dirbuf.d_reclen = GENERIC_DIRSIZ(&dirbuf); /* NOTE: d_off is the offset of the *next* entry. */ dirbuf.d_off = offset + sizeof(struct direntry); + dirent_terminate(&dirbuf); if (uio->uio_resid < dirbuf.d_reclen) goto out; error = uiomove(&dirbuf, dirbuf.d_reclen, uio); Modified: stable/12/sys/fs/nandfs/nandfs_vnops.c ============================================================================== --- stable/12/sys/fs/nandfs/nandfs_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/nandfs/nandfs_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -1226,7 +1226,7 @@ nandfs_readdir(struct vop_readdir_args *ap) ndirent = (struct nandfs_dir_entry *)pos; name_len = ndirent->name_len; - memset(&dirent, 0, sizeof(struct dirent)); + memset(&dirent, 0, sizeof(dirent)); dirent.d_fileno = ndirent->inode; if (dirent.d_fileno) { dirent.d_type = ndirent->file_type; @@ -1235,6 +1235,7 @@ nandfs_readdir(struct vop_readdir_args *ap) dirent.d_reclen = GENERIC_DIRSIZ(&dirent); /* NOTE: d_off is the offset of the *next* entry. */ dirent.d_off = diroffset + ndirent->rec_len; + dirent_terminate(&dirent); DPRINTF(READDIR, ("copying `%*.*s`\n", name_len, name_len, dirent.d_name)); } @@ -1248,7 +1249,7 @@ nandfs_readdir(struct vop_readdir_args *ap) /* Transfer */ if (dirent.d_fileno) - uiomove(&dirent, GENERIC_DIRSIZ(&dirent), uio); + uiomove(&dirent, dirent.d_reclen, uio); /* Advance */ diroffset += ndirent->rec_len; Modified: stable/12/sys/fs/nfsclient/nfs_clrpcops.c ============================================================================== --- stable/12/sys/fs/nfsclient/nfs_clrpcops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/nfsclient/nfs_clrpcops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -2959,6 +2959,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 return (error); nd->nd_mrep = NULL; dp = (struct dirent *)uio_iov_base(uiop); + dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; dp->d_type = DT_DIR; dp->d_fileno = dotfileid; @@ -2978,6 +2979,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 uio_iov_base_add(uiop, dp->d_reclen); uio_iov_len_add(uiop, -(dp->d_reclen)); dp = (struct dirent *)uio_iov_base(uiop); + dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; dp->d_type = DT_DIR; dp->d_fileno = dotdotfileid; @@ -3091,6 +3093,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 tlen += 8; /* To ensure null termination. */ left = DIRBLKSIZ - blksiz; if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) { + NFSBZERO(uio_iov_base(uiop), left); dp->d_reclen += left; uio_iov_base_add(uiop, left); uio_iov_len_add(uiop, -(left)); @@ -3103,6 +3106,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 bigenough = 0; if (bigenough) { dp = (struct dirent *)uio_iov_base(uiop); + dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; dp->d_namlen = len; dp->d_reclen = _GENERIC_DIRLEN(len) + @@ -3120,7 +3124,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 goto nfsmout; cp = uio_iov_base(uiop); tlen -= len; - *cp = '\0'; /* null terminate */ + NFSBZERO(cp, tlen); cp += tlen; /* points to cookie storage */ tl2 = (u_int32_t *)cp; uio_iov_base_add(uiop, (tlen + NFSX_HYPER)); @@ -3208,6 +3212,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 */ if (blksiz > 0) { left = DIRBLKSIZ - blksiz; + NFSBZERO(uio_iov_base(uiop), left); dp->d_reclen += left; uio_iov_base_add(uiop, left); uio_iov_len_add(uiop, -(left)); @@ -3235,10 +3240,8 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64 */ while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) { dp = (struct dirent *)uio_iov_base(uiop); + NFSBZERO(dp, DIRBLKSIZ); dp->d_type = DT_UNKNOWN; - dp->d_fileno = 0; - dp->d_namlen = 0; - dp->d_name[0] = '\0'; tl = (u_int32_t *)&dp->d_name[4]; *tl++ = cookie.lval[0]; *tl = cookie.lval[1]; @@ -3393,6 +3396,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui return (error); nd->nd_mrep = NULL; dp = (struct dirent *)uio_iov_base(uiop); + dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; dp->d_type = DT_DIR; dp->d_fileno = dotfileid; @@ -3412,6 +3416,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui uio_iov_base_add(uiop, dp->d_reclen); uio_iov_len_add(uiop, -(dp->d_reclen)); dp = (struct dirent *)uio_iov_base(uiop); + dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; dp->d_type = DT_DIR; dp->d_fileno = dotdotfileid; @@ -3506,6 +3511,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui tlen += 8; /* To ensure null termination. */ left = DIRBLKSIZ - blksiz; if (_GENERIC_DIRLEN(len) + NFSX_HYPER > left) { + NFSBZERO(uio_iov_base(uiop), left); dp->d_reclen += left; uio_iov_base_add(uiop, left); uio_iov_len_add(uiop, -(left)); @@ -3518,6 +3524,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui bigenough = 0; if (bigenough) { dp = (struct dirent *)uio_iov_base(uiop); + dp->d_pad0 = dp->d_pad1 = 0; dp->d_off = 0; dp->d_namlen = len; dp->d_reclen = _GENERIC_DIRLEN(len) + @@ -3538,7 +3545,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui goto nfsmout; cp = uio_iov_base(uiop); tlen -= len; - *cp = '\0'; + NFSBZERO(cp, tlen); cp += tlen; /* points to cookie storage */ tl2 = (u_int32_t *)cp; if (len == 2 && cnp->cn_nameptr[0] == '.' && @@ -3708,6 +3715,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui */ if (blksiz > 0) { left = DIRBLKSIZ - blksiz; + NFSBZERO(uio_iov_base(uiop), left); dp->d_reclen += left; uio_iov_base_add(uiop, left); uio_iov_len_add(uiop, -(left)); @@ -3735,10 +3743,8 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui */ while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) { dp = (struct dirent *)uio_iov_base(uiop); + NFSBZERO(dp, DIRBLKSIZ); dp->d_type = DT_UNKNOWN; - dp->d_fileno = 0; - dp->d_namlen = 0; - dp->d_name[0] = '\0'; tl = (u_int32_t *)&dp->d_name[4]; *tl++ = cookie.lval[0]; *tl = cookie.lval[1]; Modified: stable/12/sys/fs/pseudofs/pseudofs_vnops.c ============================================================================== --- stable/12/sys/fs/pseudofs/pseudofs_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/pseudofs/pseudofs_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -828,7 +828,6 @@ pfs_readdir(struct vop_readdir_args *va) /* PFS_DELEN was picked to fit PFS_NAMLEN */ for (i = 0; i < PFS_NAMELEN - 1 && pn->pn_name[i] != '\0'; ++i) pfsent->entry.d_name[i] = pn->pn_name[i]; - pfsent->entry.d_name[i] = 0; pfsent->entry.d_namlen = i; /* NOTE: d_off is the offset of the *next* entry. */ pfsent->entry.d_off = offset + PFS_DELEN; @@ -855,6 +854,7 @@ pfs_readdir(struct vop_readdir_args *va) panic("%s has unexpected node type: %d", pn->pn_name, pn->pn_type); } PFS_TRACE(("%s", pfsent->entry.d_name)); + dirent_terminate(&pfsent->entry); STAILQ_INSERT_TAIL(&lst, pfsent, link); offset += PFS_DELEN; resid -= PFS_DELEN; Modified: stable/12/sys/fs/smbfs/smbfs_io.c ============================================================================== --- stable/12/sys/fs/smbfs/smbfs_io.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/smbfs/smbfs_io.c Mon Nov 26 14:01:05 2018 (r340970) @@ -106,8 +106,8 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, stru de.d_namlen = offset + 1; de.d_name[0] = '.'; de.d_name[1] = '.'; - de.d_name[offset + 1] = '\0'; de.d_type = DT_DIR; + dirent_terminate(&de); error = uiomove(&de, DE_SIZE, uio); if (error) goto out; @@ -156,7 +156,7 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, stru de.d_type = (ctx->f_attr.fa_attr & SMB_FA_DIR) ? DT_DIR : DT_REG; de.d_namlen = ctx->f_nmlen; bcopy(ctx->f_name, de.d_name, de.d_namlen); - de.d_name[de.d_namlen] = '\0'; + dirent_terminate(&de); if (smbfs_fastlookup) { error = smbfs_nget(vp->v_mount, vp, ctx->f_name, ctx->f_nmlen, &ctx->f_attr, &newvp); Modified: stable/12/sys/fs/tmpfs/tmpfs_subr.c ============================================================================== --- stable/12/sys/fs/tmpfs/tmpfs_subr.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/tmpfs/tmpfs_subr.c Mon Nov 26 14:01:05 2018 (r340970) @@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> +#include <sys/systm.h> #include <sys/dirent.h> #include <sys/fnv_hash.h> #include <sys/lock.h> @@ -50,7 +51,6 @@ __FBSDID("$FreeBSD$"); #include <sys/random.h> #include <sys/rwlock.h> #include <sys/stat.h> -#include <sys/systm.h> #include <sys/sysctl.h> #include <sys/vnode.h> #include <sys/vmmeter.h> @@ -1127,8 +1127,8 @@ tmpfs_dir_getdotdent(struct tmpfs_node *node, struct u dent.d_type = DT_DIR; dent.d_namlen = 1; dent.d_name[0] = '.'; - dent.d_name[1] = '\0'; dent.d_reclen = GENERIC_DIRSIZ(&dent); + dirent_terminate(&dent); if (dent.d_reclen > uio->uio_resid) error = EJUSTRETURN; @@ -1171,8 +1171,8 @@ tmpfs_dir_getdotdotdent(struct tmpfs_node *node, struc dent.d_namlen = 2; dent.d_name[0] = '.'; dent.d_name[1] = '.'; - dent.d_name[2] = '\0'; dent.d_reclen = GENERIC_DIRSIZ(&dent); + dirent_terminate(&dent); if (dent.d_reclen > uio->uio_resid) error = EJUSTRETURN; @@ -1292,8 +1292,8 @@ tmpfs_dir_getdents(struct tmpfs_node *node, struct uio d.d_namlen = de->td_namelen; MPASS(de->td_namelen < sizeof(d.d_name)); (void)memcpy(d.d_name, de->ud.td_name, de->td_namelen); - d.d_name[de->td_namelen] = '\0'; d.d_reclen = GENERIC_DIRSIZ(&d); + dirent_terminate(&d); /* Stop reading if the directory entry we are treating is * bigger than the amount of data that can be returned. */ Modified: stable/12/sys/fs/tmpfs/tmpfs_vfsops.c ============================================================================== --- stable/12/sys/fs/tmpfs/tmpfs_vfsops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/tmpfs/tmpfs_vfsops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> +#include <sys/systm.h> #include <sys/dirent.h> #include <sys/limits.h> #include <sys/lock.h> @@ -56,7 +57,6 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/rwlock.h> #include <sys/stat.h> -#include <sys/systm.h> #include <sys/sysctl.h> #include <sys/vnode.h> Modified: stable/12/sys/fs/tmpfs/tmpfs_vnops.c ============================================================================== --- stable/12/sys/fs/tmpfs/tmpfs_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/tmpfs/tmpfs_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> +#include <sys/systm.h> #include <sys/dirent.h> #include <sys/fcntl.h> #include <sys/limits.h> @@ -51,7 +52,6 @@ __FBSDID("$FreeBSD$"); #include <sys/rwlock.h> #include <sys/sched.h> #include <sys/stat.h> -#include <sys/systm.h> #include <sys/sysctl.h> #include <sys/unistd.h> #include <sys/vnode.h> Modified: stable/12/sys/fs/udf/udf_vnops.c ============================================================================== --- stable/12/sys/fs/udf/udf_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/fs/udf/udf_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -843,10 +843,10 @@ udf_readdir(struct vop_readdir_args *a) dir.d_fileno = node->hash_id; dir.d_type = DT_DIR; dir.d_name[0] = '.'; - dir.d_name[1] = '\0'; dir.d_namlen = 1; dir.d_reclen = GENERIC_DIRSIZ(&dir); dir.d_off = 1; + dirent_terminate(&dir); uiodir.dirent = &dir; error = udf_uiodir(&uiodir, dir.d_reclen, uio, 1); if (error) @@ -856,10 +856,10 @@ udf_readdir(struct vop_readdir_args *a) dir.d_type = DT_DIR; dir.d_name[0] = '.'; dir.d_name[1] = '.'; - dir.d_name[2] = '\0'; dir.d_namlen = 2; dir.d_reclen = GENERIC_DIRSIZ(&dir); dir.d_off = 2; + dirent_terminate(&dir); uiodir.dirent = &dir; error = udf_uiodir(&uiodir, dir.d_reclen, uio, 2); } else { @@ -870,6 +870,7 @@ udf_readdir(struct vop_readdir_args *a) DT_DIR : DT_UNKNOWN; dir.d_reclen = GENERIC_DIRSIZ(&dir); dir.d_off = ds->this_off; + dirent_terminate(&dir); uiodir.dirent = &dir; error = udf_uiodir(&uiodir, dir.d_reclen, uio, ds->this_off); Modified: stable/12/sys/kern/uipc_mqueue.c ============================================================================== --- stable/12/sys/kern/uipc_mqueue.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/kern/uipc_mqueue.c Mon Nov 26 14:01:05 2018 (r340970) @@ -1428,7 +1428,6 @@ mqfs_readdir(struct vop_readdir_args *ap) entry.d_fileno = pn->mn_fileno; for (i = 0; i < MQFS_NAMELEN - 1 && pn->mn_name[i] != '\0'; ++i) entry.d_name[i] = pn->mn_name[i]; - entry.d_name[i] = 0; entry.d_namlen = i; switch (pn->mn_type) { case mqfstype_root: @@ -1447,6 +1446,7 @@ mqfs_readdir(struct vop_readdir_args *ap) panic("%s has unexpected node type: %d", pn->mn_name, pn->mn_type); } + dirent_terminate(&entry); if (entry.d_reclen > uio->uio_resid) break; if (offset >= uio->uio_offset) { Modified: stable/12/sys/kern/vfs_export.c ============================================================================== --- stable/12/sys/kern/vfs_export.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/kern/vfs_export.c Mon Nov 26 14:01:05 2018 (r340970) @@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$"); #include "opt_inet6.h" #include <sys/param.h> +#include <sys/systm.h> #include <sys/dirent.h> #include <sys/jail.h> #include <sys/kernel.h> @@ -55,7 +56,6 @@ __FBSDID("$FreeBSD$"); #include <sys/refcount.h> #include <sys/signalvar.h> #include <sys/socket.h> -#include <sys/systm.h> #include <sys/vnode.h> #include <netinet/in.h> Modified: stable/12/sys/sys/dirent.h ============================================================================== --- stable/12/sys/sys/dirent.h Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/sys/dirent.h Mon Nov 26 14:01:05 2018 (r340970) @@ -126,6 +126,19 @@ struct freebsd11_dirent { #ifdef _KERNEL #define GENERIC_DIRSIZ(dp) _GENERIC_DIRSIZ(dp) + +/* + * Ensure that padding bytes are zeroed and that the name is NUL-terminated. + */ +static inline void +dirent_terminate(struct dirent *dp) +{ + + dp->d_pad0 = 0; + dp->d_pad1 = 0; + memset(dp->d_name + dp->d_namlen, 0, + dp->d_reclen - (__offsetof(struct dirent, d_name) + dp->d_namlen)); +} #endif #endif /* !_SYS_DIRENT_H_ */ Modified: stable/12/sys/ufs/ufs/ufs_vnops.c ============================================================================== --- stable/12/sys/ufs/ufs/ufs_vnops.c Mon Nov 26 13:56:19 2018 (r340969) +++ stable/12/sys/ufs/ufs/ufs_vnops.c Mon Nov 26 14:01:05 2018 (r340970) @@ -2217,9 +2217,9 @@ ufs_readdir(ap) dstdp.d_fileno = dp->d_ino; dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp); bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen); - dstdp.d_name[dstdp.d_namlen] = '\0'; /* NOTE: d_off is the offset of the *next* entry. */ dstdp.d_off = offset + dp->d_reclen; + dirent_terminate(&dstdp); if (dstdp.d_reclen > uio->uio_resid) { if (uio->uio_resid == startresid) error = EINVAL;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811261401.wAQE15tF004718>