Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Nov 2018 16:51:18 +0000 (UTC)
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r341074 - in stable/11/sys: cddl/contrib/opensolaris/uts/common/fs/zfs fs/autofs fs/cd9660 fs/devfs fs/ext2fs fs/fdescfs fs/fuse fs/msdosfs fs/nandfs fs/nfsclient fs/pseudofs fs/smbfs f...
Message-ID:  <201811271651.wARGpIt5042522@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: markj
Date: Tue Nov 27 16:51:18 2018
New Revision: 341074
URL: https://svnweb.freebsd.org/changeset/base/341074

Log:
  MFC r340856:
  Ensure that directory entry padding bytes are zeroed.

Modified:
  stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c
  stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
  stable/11/sys/fs/autofs/autofs_vnops.c
  stable/11/sys/fs/cd9660/cd9660_vnops.c
  stable/11/sys/fs/devfs/devfs_devs.c
  stable/11/sys/fs/ext2fs/ext2_lookup.c
  stable/11/sys/fs/fdescfs/fdesc_vnops.c
  stable/11/sys/fs/fuse/fuse_internal.c
  stable/11/sys/fs/msdosfs/msdosfs_vnops.c
  stable/11/sys/fs/nandfs/nandfs_vnops.c
  stable/11/sys/fs/nfsclient/nfs_clrpcops.c
  stable/11/sys/fs/pseudofs/pseudofs_vnops.c
  stable/11/sys/fs/smbfs/smbfs_io.c
  stable/11/sys/fs/tmpfs/tmpfs_subr.c
  stable/11/sys/fs/tmpfs/tmpfs_vfsops.c
  stable/11/sys/fs/tmpfs/tmpfs_vnops.c
  stable/11/sys/fs/udf/udf_vnops.c
  stable/11/sys/kern/uipc_mqueue.c
  stable/11/sys/kern/vfs_export.c
  stable/11/sys/sys/dirent.h
  stable/11/sys/ufs/ufs/ufs_vnops.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c
==============================================================================
--- stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -262,9 +262,9 @@ sfs_readdir_common(uint64_t parent_id, uint64_t id, st
 		entry.d_fileno = id;
 		entry.d_type = DT_DIR;
 		entry.d_name[0] = '.';
-		entry.d_name[1] = '\0';
 		entry.d_namlen = 1;
 		entry.d_reclen = sizeof(entry);
+		dirent_terminate(&entry);
 		error = vfs_read_dirent(ap, &entry, uio->uio_offset);
 		if (error != 0)
 			return (SET_ERROR(error));
@@ -277,9 +277,9 @@ sfs_readdir_common(uint64_t parent_id, uint64_t id, st
 		entry.d_type = DT_DIR;
 		entry.d_name[0] = '.';
 		entry.d_name[1] = '.';
-		entry.d_name[2] = '\0';
 		entry.d_namlen = 2;
 		entry.d_reclen = sizeof(entry);
+		dirent_terminate(&entry);
 		error = vfs_read_dirent(ap, &entry, uio->uio_offset);
 		if (error != 0)
 			return (SET_ERROR(error));
@@ -694,6 +694,7 @@ zfsctl_root_readdir(ap)
 	strcpy(entry.d_name, node->snapdir->sn_name);
 	entry.d_namlen = strlen(entry.d_name);
 	entry.d_reclen = sizeof(entry);
+	dirent_terminate(&entry);
 	error = vfs_read_dirent(ap, &entry, uio->uio_offset);
 	if (error != 0) {
 		if (error == ENAMETOOLONG)
@@ -1097,6 +1098,7 @@ zfsctl_snapdir_readdir(ap)
 		strcpy(entry.d_name, snapname);
 		entry.d_namlen = strlen(entry.d_name);
 		entry.d_reclen = sizeof(entry);
+		dirent_terminate(&entry);
 		error = vfs_read_dirent(ap, &entry, uio->uio_offset);
 		if (error != 0) {
 			if (error == ENAMETOOLONG)

Modified: stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
==============================================================================
--- stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -2545,6 +2545,7 @@ zfs_readdir(vnode_t *vp, uio_t *uio, cred_t *cr, int *
 			odp->d_namlen = strlen(zap.za_name);
 			(void) strlcpy(odp->d_name, zap.za_name, odp->d_namlen + 1);
 			odp->d_type = type;
+			dirent_terminate(odp);
 			odp = (dirent64_t *)((intptr_t)odp + reclen);
 		}
 		outcount += reclen;

Modified: stable/11/sys/fs/autofs/autofs_vnops.c
==============================================================================
--- stable/11/sys/fs/autofs/autofs_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/autofs/autofs_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -34,6 +34,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/condvar.h>
 #include <sys/dirent.h>
@@ -44,7 +45,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/namei.h>
 #include <sys/signalvar.h>
 #include <sys/stat.h>
-#include <sys/systm.h>
 #include <sys/taskqueue.h>
 #include <sys/tree.h>
 #include <sys/vnode.h>
@@ -361,7 +361,6 @@ autofs_readdir_one(struct uio *uio, const char *name, 
 	padded_namlen = roundup2(namlen + 1, __alignof(struct dirent));
 	KASSERT(padded_namlen <= MAXNAMLEN, ("%zd > MAXNAMLEN", padded_namlen));
 	reclen = offsetof(struct dirent, d_name) + padded_namlen;
-
 	if (reclenp != NULL)
 		*reclenp = reclen;
 
@@ -376,7 +375,7 @@ autofs_readdir_one(struct uio *uio, const char *name, 
 	dirent.d_type = DT_DIR;
 	dirent.d_namlen = namlen;
 	memcpy(dirent.d_name, name, namlen);
-	memset(dirent.d_name + namlen, 0, padded_namlen - namlen);
+	dirent_terminate(&dirent);
 	error = uiomove(&dirent, reclen, uio);
 
 	return (error);

Modified: stable/11/sys/fs/cd9660/cd9660_vnops.c
==============================================================================
--- stable/11/sys/fs/cd9660/cd9660_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/cd9660/cd9660_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -378,8 +378,8 @@ iso_uiodir(idp,dp,off)
 {
 	int error;
 
-	dp->d_name[dp->d_namlen] = 0;
 	dp->d_reclen = GENERIC_DIRSIZ(dp);
+	dirent_terminate(dp);
 
 	if (idp->uio->uio_resid < dp->d_reclen) {
 		idp->eofflag = 0;

Modified: stable/11/sys/fs/devfs/devfs_devs.c
==============================================================================
--- stable/11/sys/fs/devfs/devfs_devs.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/devfs/devfs_devs.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -214,7 +214,7 @@ devfs_newdirent(char *name, int namelen)
 	de->de_dirent->d_namlen = namelen;
 	de->de_dirent->d_reclen = GENERIC_DIRSIZ(&d);
 	bcopy(name, de->de_dirent->d_name, namelen);
-	de->de_dirent->d_name[namelen] = '\0';
+	dirent_terminate(de->de_dirent);
 	vfs_timestamp(&de->de_ctime);
 	de->de_mtime = de->de_atime = de->de_ctime;
 	de->de_links = 1;

Modified: stable/11/sys/fs/ext2fs/ext2_lookup.c
==============================================================================
--- stable/11/sys/fs/ext2fs/ext2_lookup.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/ext2fs/ext2_lookup.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -219,7 +219,7 @@ ext2_readdir(struct vop_readdir_args *ap)
 			dstdp.d_fileno = dp->e2d_ino;
 			dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
 			bcopy(dp->e2d_name, dstdp.d_name, dstdp.d_namlen);
-			dstdp.d_name[dstdp.d_namlen] = '\0';
+			dirent_terminate(&dstdp);
 			if (dstdp.d_reclen > uio->uio_resid) {
 				if (uio->uio_resid == startresid)
 					error = EINVAL;

Modified: stable/11/sys/fs/fdescfs/fdesc_vnops.c
==============================================================================
--- stable/11/sys/fs/fdescfs/fdesc_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/fdescfs/fdesc_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -560,8 +560,8 @@ fdesc_readdir(struct vop_readdir_args *ap)
 			dp->d_namlen = i + 1;
 			dp->d_reclen = UIO_MX;
 			bcopy("..", dp->d_name, dp->d_namlen);
-			dp->d_name[i + 1] = '\0';
 			dp->d_type = DT_DIR;
+			dirent_terminate(dp);
 			break;
 		default:
 			if (fdp->fd_ofiles[fcnt].fde_file == NULL)
@@ -571,6 +571,7 @@ fdesc_readdir(struct vop_readdir_args *ap)
 			dp->d_type = (fmp->flags & FMNT_LINRDLNKF) == 0 ?
 			    DT_CHR : DT_LNK;
 			dp->d_fileno = i + FD_DESC;
+			dirent_terminate(dp);
 			break;
 		}
 		if (dp->d_namlen != 0) {

Modified: stable/11/sys/fs/fuse/fuse_internal.c
==============================================================================
--- stable/11/sys/fs/fuse/fuse_internal.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/fuse/fuse_internal.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -355,7 +355,7 @@ fuse_internal_readdir_processdata(struct uio *uio,
 		memcpy((char *)cookediov->base + sizeof(struct dirent) - 
 		       MAXNAMLEN - 1,
 		       (char *)buf + FUSE_NAME_OFFSET, fudge->namelen);
-		((char *)cookediov->base)[bytesavail - 1] = '\0';
+		dirent_terminate(de);
 
 		err = uiomove(cookediov->base, cookediov->len, uio);
 		if (err) {

Modified: stable/11/sys/fs/msdosfs/msdosfs_vnops.c
==============================================================================
--- stable/11/sys/fs/msdosfs/msdosfs_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/msdosfs/msdosfs_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -1561,14 +1561,16 @@ msdosfs_readdir(struct vop_readdir_args *ap)
 				switch (n) {
 				case 0:
 					dirbuf.d_namlen = 1;
-					strcpy(dirbuf.d_name, ".");
+					dirbuf.d_name[0] = '.';
 					break;
 				case 1:
 					dirbuf.d_namlen = 2;
-					strcpy(dirbuf.d_name, "..");
+					dirbuf.d_name[0] = '.';
+					dirbuf.d_name[1] = '.';
 					break;
 				}
 				dirbuf.d_reclen = GENERIC_DIRSIZ(&dirbuf);
+				dirent_terminate(&dirbuf);
 				if (uio->uio_resid < dirbuf.d_reclen)
 					goto out;
 				error = uiomove(&dirbuf, dirbuf.d_reclen, uio);

Modified: stable/11/sys/fs/nandfs/nandfs_vnops.c
==============================================================================
--- stable/11/sys/fs/nandfs/nandfs_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/nandfs/nandfs_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -1225,13 +1225,14 @@ nandfs_readdir(struct vop_readdir_args *ap)
 			ndirent = (struct nandfs_dir_entry *)pos;
 
 			name_len = ndirent->name_len;
-			memset(&dirent, 0, sizeof(struct dirent));
+			memset(&dirent, 0, sizeof(dirent));
 			dirent.d_fileno = ndirent->inode;
 			if (dirent.d_fileno) {
 				dirent.d_type = ndirent->file_type;
 				dirent.d_namlen = name_len;
 				strncpy(dirent.d_name, ndirent->name, name_len);
 				dirent.d_reclen = GENERIC_DIRSIZ(&dirent);
+				dirent_terminate(&dirent);
 				DPRINTF(READDIR, ("copying `%*.*s`\n", name_len,
 				    name_len, dirent.d_name));
 			}
@@ -1245,7 +1246,7 @@ nandfs_readdir(struct vop_readdir_args *ap)
 
 			/* Transfer */
 			if (dirent.d_fileno)
-				uiomove(&dirent, GENERIC_DIRSIZ(&dirent), uio);
+				uiomove(&dirent, dirent.d_reclen, uio);
 
 			/* Advance */
 			diroffset += ndirent->rec_len;

Modified: stable/11/sys/fs/nfsclient/nfs_clrpcops.c
==============================================================================
--- stable/11/sys/fs/nfsclient/nfs_clrpcops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/nfsclient/nfs_clrpcops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -3036,6 +3036,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
 				tlen += 4;  /* To ensure null termination */
 			left = DIRBLKSIZ - blksiz;
 			if ((int)(tlen + DIRHDSIZ + NFSX_HYPER) > left) {
+				NFSBZERO(uio_iov_base(uiop), left);
 				dp->d_reclen += left;
 				uio_iov_base_add(uiop, left);
 				uio_iov_len_add(uiop, -(left));
@@ -3062,7 +3063,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
 					goto nfsmout;
 				cp = CAST_DOWN(caddr_t, uio_iov_base(uiop));
 				tlen -= len;
-				*cp = '\0';	/* null terminate */
+				NFSBZERO(cp, tlen);
 				cp += tlen;	/* points to cookie storage */
 				tl2 = (u_int32_t *)cp;
 				uio_iov_base_add(uiop, (tlen + NFSX_HYPER));
@@ -3150,6 +3151,7 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
 	 */
 	if (blksiz > 0) {
 		left = DIRBLKSIZ - blksiz;
+		NFSBZERO(uio_iov_base(uiop), left);
 		dp->d_reclen += left;
 		uio_iov_base_add(uiop, left);
 		uio_iov_len_add(uiop, -(left));
@@ -3177,10 +3179,8 @@ nfsrpc_readdir(vnode_t vp, struct uio *uiop, nfsuint64
 	 */
 	while (uio_uio_resid(uiop) > 0 && ((size_t)(uio_uio_resid(uiop))) != tresid) {
 		dp = (struct dirent *) CAST_DOWN(caddr_t, uio_iov_base(uiop));
+		NFSBZERO(dp, DIRBLKSIZ);
 		dp->d_type = DT_UNKNOWN;
-		dp->d_fileno = 0;
-		dp->d_namlen = 0;
-		dp->d_name[0] = '\0';
 		tl = (u_int32_t *)&dp->d_name[4];
 		*tl++ = cookie.lval[0];
 		*tl = cookie.lval[1];
@@ -3444,6 +3444,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
 				tlen += 4;  /* To ensure null termination */
 			left = DIRBLKSIZ - blksiz;
 			if ((tlen + DIRHDSIZ + NFSX_HYPER) > left) {
+				NFSBZERO(uio_iov_base(uiop), left);
 				dp->d_reclen += left;
 				uio_iov_base_add(uiop, left);
 				uio_iov_len_add(uiop, -(left));
@@ -3473,7 +3474,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
 					goto nfsmout;
 				cp = uio_iov_base(uiop);
 				tlen -= len;
-				*cp = '\0';
+				NFSBZERO(cp, tlen);
 				cp += tlen;	/* points to cookie storage */
 				tl2 = (u_int32_t *)cp;
 				if (len == 2 && cnp->cn_nameptr[0] == '.' &&
@@ -3643,6 +3644,7 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
 	 */
 	if (blksiz > 0) {
 		left = DIRBLKSIZ - blksiz;
+		NFSBZERO(uio_iov_base(uiop), left);
 		dp->d_reclen += left;
 		uio_iov_base_add(uiop, left);
 		uio_iov_len_add(uiop, -(left));
@@ -3670,10 +3672,8 @@ nfsrpc_readdirplus(vnode_t vp, struct uio *uiop, nfsui
 	 */
 	while (uio_uio_resid(uiop) > 0 && uio_uio_resid(uiop) != tresid) {
 		dp = (struct dirent *)uio_iov_base(uiop);
+		NFSBZERO(dp, DIRBLKSIZ);
 		dp->d_type = DT_UNKNOWN;
-		dp->d_fileno = 0;
-		dp->d_namlen = 0;
-		dp->d_name[0] = '\0';
 		tl = (u_int32_t *)&dp->d_name[4];
 		*tl++ = cookie.lval[0];
 		*tl = cookie.lval[1];

Modified: stable/11/sys/fs/pseudofs/pseudofs_vnops.c
==============================================================================
--- stable/11/sys/fs/pseudofs/pseudofs_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/pseudofs/pseudofs_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -826,7 +826,6 @@ pfs_readdir(struct vop_readdir_args *va)
 		/* PFS_DELEN was picked to fit PFS_NAMLEN */
 		for (i = 0; i < PFS_NAMELEN - 1 && pn->pn_name[i] != '\0'; ++i)
 			pfsent->entry.d_name[i] = pn->pn_name[i];
-		pfsent->entry.d_name[i] = 0;
 		pfsent->entry.d_namlen = i;
 		switch (pn->pn_type) {
 		case pfstype_procdir:
@@ -851,6 +850,7 @@ pfs_readdir(struct vop_readdir_args *va)
 			panic("%s has unexpected node type: %d", pn->pn_name, pn->pn_type);
 		}
 		PFS_TRACE(("%s", pfsent->entry.d_name));
+		dirent_terminate(&pfsent->entry);
 		STAILQ_INSERT_TAIL(&lst, pfsent, link);
 		offset += PFS_DELEN;
 		resid -= PFS_DELEN;

Modified: stable/11/sys/fs/smbfs/smbfs_io.c
==============================================================================
--- stable/11/sys/fs/smbfs/smbfs_io.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/smbfs/smbfs_io.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -104,8 +104,8 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, stru
 		de.d_namlen = offset + 1;
 		de.d_name[0] = '.';
 		de.d_name[1] = '.';
-		de.d_name[offset + 1] = '\0';
 		de.d_type = DT_DIR;
+		dirent_terminate(&de);
 		error = uiomove(&de, DE_SIZE, uio);
 		if (error)
 			goto out;
@@ -154,7 +154,7 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, stru
 		de.d_type = (ctx->f_attr.fa_attr & SMB_FA_DIR) ? DT_DIR : DT_REG;
 		de.d_namlen = ctx->f_nmlen;
 		bcopy(ctx->f_name, de.d_name, de.d_namlen);
-		de.d_name[de.d_namlen] = '\0';
+		dirent_terminate(&de);
 		if (smbfs_fastlookup) {
 			error = smbfs_nget(vp->v_mount, vp, ctx->f_name,
 			    ctx->f_nmlen, &ctx->f_attr, &newvp);

Modified: stable/11/sys/fs/tmpfs/tmpfs_subr.c
==============================================================================
--- stable/11/sys/fs/tmpfs/tmpfs_subr.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/tmpfs/tmpfs_subr.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -37,6 +37,8 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/dirent.h>
 #include <sys/fnv_hash.h>
 #include <sys/lock.h>
 #include <sys/namei.h>
@@ -45,7 +47,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/random.h>
 #include <sys/rwlock.h>
 #include <sys/stat.h>
-#include <sys/systm.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/vmmeter.h>
@@ -1115,8 +1116,8 @@ tmpfs_dir_getdotdent(struct tmpfs_node *node, struct u
 	dent.d_type = DT_DIR;
 	dent.d_namlen = 1;
 	dent.d_name[0] = '.';
-	dent.d_name[1] = '\0';
 	dent.d_reclen = GENERIC_DIRSIZ(&dent);
+	dirent_terminate(&dent);
 
 	if (dent.d_reclen > uio->uio_resid)
 		error = EJUSTRETURN;
@@ -1159,8 +1160,8 @@ tmpfs_dir_getdotdotdent(struct tmpfs_node *node, struc
 	dent.d_namlen = 2;
 	dent.d_name[0] = '.';
 	dent.d_name[1] = '.';
-	dent.d_name[2] = '\0';
 	dent.d_reclen = GENERIC_DIRSIZ(&dent);
+	dirent_terminate(&dent);
 
 	if (dent.d_reclen > uio->uio_resid)
 		error = EJUSTRETURN;
@@ -1280,8 +1281,8 @@ tmpfs_dir_getdents(struct tmpfs_node *node, struct uio
 		d.d_namlen = de->td_namelen;
 		MPASS(de->td_namelen < sizeof(d.d_name));
 		(void)memcpy(d.d_name, de->ud.td_name, de->td_namelen);
-		d.d_name[de->td_namelen] = '\0';
 		d.d_reclen = GENERIC_DIRSIZ(&d);
+		dirent_terminate(&d);
 
 		/* Stop reading if the directory entry we are treating is
 		 * bigger than the amount of data that can be returned. */

Modified: stable/11/sys/fs/tmpfs/tmpfs_vfsops.c
==============================================================================
--- stable/11/sys/fs/tmpfs/tmpfs_vfsops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/tmpfs/tmpfs_vfsops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -52,7 +52,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/kernel.h>
 #include <sys/rwlock.h>
 #include <sys/stat.h>
-#include <sys/systm.h>
 #include <sys/sysctl.h>
 
 #include <vm/vm.h>

Modified: stable/11/sys/fs/tmpfs/tmpfs_vnops.c
==============================================================================
--- stable/11/sys/fs/tmpfs/tmpfs_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/tmpfs/tmpfs_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -46,7 +46,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/rwlock.h>
 #include <sys/sched.h>
 #include <sys/stat.h>
-#include <sys/systm.h>
 #include <sys/sysctl.h>
 #include <sys/unistd.h>
 #include <sys/vnode.h>

Modified: stable/11/sys/fs/udf/udf_vnops.c
==============================================================================
--- stable/11/sys/fs/udf/udf_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/fs/udf/udf_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -841,9 +841,9 @@ udf_readdir(struct vop_readdir_args *a)
 			dir.d_fileno = node->hash_id;
 			dir.d_type = DT_DIR;
 			dir.d_name[0] = '.';
-			dir.d_name[1] = '\0';
 			dir.d_namlen = 1;
 			dir.d_reclen = GENERIC_DIRSIZ(&dir);
+			dirent_terminate(&dir);
 			uiodir.dirent = &dir;
 			error = udf_uiodir(&uiodir, dir.d_reclen, uio, 1);
 			if (error)
@@ -853,9 +853,9 @@ udf_readdir(struct vop_readdir_args *a)
 			dir.d_type = DT_DIR;
 			dir.d_name[0] = '.';
 			dir.d_name[1] = '.';
-			dir.d_name[2] = '\0';
 			dir.d_namlen = 2;
 			dir.d_reclen = GENERIC_DIRSIZ(&dir);
+			dirent_terminate(&dir);
 			uiodir.dirent = &dir;
 			error = udf_uiodir(&uiodir, dir.d_reclen, uio, 2);
 		} else {
@@ -865,6 +865,7 @@ udf_readdir(struct vop_readdir_args *a)
 			dir.d_type = (fid->file_char & UDF_FILE_CHAR_DIR) ?
 			    DT_DIR : DT_UNKNOWN;
 			dir.d_reclen = GENERIC_DIRSIZ(&dir);
+			dirent_terminate(&dir);
 			uiodir.dirent = &dir;
 			error = udf_uiodir(&uiodir, dir.d_reclen, uio,
 			    ds->this_off);

Modified: stable/11/sys/kern/uipc_mqueue.c
==============================================================================
--- stable/11/sys/kern/uipc_mqueue.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/kern/uipc_mqueue.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -1421,7 +1421,6 @@ mqfs_readdir(struct vop_readdir_args *ap)
 		entry.d_fileno = pn->mn_fileno;
 		for (i = 0; i < MQFS_NAMELEN - 1 && pn->mn_name[i] != '\0'; ++i)
 			entry.d_name[i] = pn->mn_name[i];
-		entry.d_name[i] = 0;
 		entry.d_namlen = i;
 		switch (pn->mn_type) {
 		case mqfstype_root:
@@ -1440,6 +1439,7 @@ mqfs_readdir(struct vop_readdir_args *ap)
 			panic("%s has unexpected node type: %d", pn->mn_name,
 				pn->mn_type);
 		}
+		dirent_terminate(&entry);
 		if (entry.d_reclen > uio->uio_resid)
                         break;
 		if (offset >= uio->uio_offset) {

Modified: stable/11/sys/kern/vfs_export.c
==============================================================================
--- stable/11/sys/kern/vfs_export.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/kern/vfs_export.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
 #include "opt_inet6.h"
 
 #include <sys/param.h>
+#include <sys/systm.h>
 #include <sys/dirent.h>
 #include <sys/jail.h>
 #include <sys/kernel.h>
@@ -53,7 +54,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/refcount.h>
 #include <sys/signalvar.h>
 #include <sys/socket.h>
-#include <sys/systm.h>
 #include <sys/vnode.h>
 
 #include <netinet/in.h>

Modified: stable/11/sys/sys/dirent.h
==============================================================================
--- stable/11/sys/sys/dirent.h	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/sys/dirent.h	Tue Nov 27 16:51:18 2018	(r341074)
@@ -95,6 +95,17 @@ struct dirent {
 
 #ifdef _KERNEL
 #define	GENERIC_DIRSIZ(dp)	_GENERIC_DIRSIZ(dp)
+
+/*
+ * Ensure that padding bytes are zeroed and that the name is NUL-terminated.
+ */
+static inline void
+dirent_terminate(struct dirent *dp)
+{
+
+	memset(dp->d_name + dp->d_namlen, 0,
+	    dp->d_reclen - (__offsetof(struct dirent, d_name) + dp->d_namlen));
+}
 #endif
 
 #endif /* !_SYS_DIRENT_H_ */

Modified: stable/11/sys/ufs/ufs/ufs_vnops.c
==============================================================================
--- stable/11/sys/ufs/ufs/ufs_vnops.c	Tue Nov 27 16:51:01 2018	(r341073)
+++ stable/11/sys/ufs/ufs/ufs_vnops.c	Tue Nov 27 16:51:18 2018	(r341074)
@@ -2216,7 +2216,7 @@ ufs_readdir(ap)
 			dstdp.d_fileno = dp->d_ino;
 			dstdp.d_reclen = GENERIC_DIRSIZ(&dstdp);
 			bcopy(dp->d_name, dstdp.d_name, dstdp.d_namlen);
-			dstdp.d_name[dstdp.d_namlen] = '\0';
+			dirent_terminate(&dstdp);
 			if (dstdp.d_reclen > uio->uio_resid) {
 				if (uio->uio_resid == startresid)
 					error = EINVAL;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811271651.wARGpIt5042522>