Date: Fri, 25 Jul 2008 07:00:15 GMT From: Chagin Dmitry <chagin.dmitry@gmail.com> To: freebsd-emulation@FreeBSD.org Subject: Re: kern/117010: [linux] linux_getdents() get somethinng like buffer overflow Message-ID: <200807250700.m6P70FSF036132@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/117010; it has been noted by GNATS.
From: Chagin Dmitry <chagin.dmitry@gmail.com>
To: bug-followup@freebsd.org, samflanker@gmail.com
Cc:
Subject: Re: kern/117010: [linux] linux_getdents() get somethinng like buffer
overflow
Date: Fri, 25 Jul 2008 10:22:46 +0400 (MSD)
Please, try a patch below:
diff --git a/src/sys/compat/linux/linux_file.c b/src/sys/compat/linux/linux_file
index 303bc3f..d88f95f 100644
--- a/src/sys/compat/linux/linux_file.c
+++ b/src/sys/compat/linux/linux_file.c
@@ -303,8 +303,8 @@ struct l_dirent64 {
char d_name[LINUX_NAME_MAX + 1];
};
-#define LINUX_RECLEN(de,namlen) \
- ALIGN((((char *)&(de)->d_name - (char *)de) + (namlen) + 1))
+#define LINUX_RECLEN(de,namlen,trail) \
+ ALIGN((((char *)&(de)->d_name - (char *)de) + (namlen) + trail))
#define LINUX_DIRBLKSIZ 512
@@ -436,8 +436,8 @@ again:
}
linuxreclen = (is64bit)
- ? LINUX_RECLEN(&linux_dirent64, bdp->d_namlen)
- : LINUX_RECLEN(&linux_dirent, bdp->d_namlen);
+ ? LINUX_RECLEN(&linux_dirent64, bdp->d_namlen, 1)
+ : LINUX_RECLEN(&linux_dirent, bdp->d_namlen, 2);
if (reclen > len || resid < linuxreclen) {
outp++;
it solves getdents() problem (at least at x86_64 emulation with
linux_base-f8)
ps, be not bared, linux really has such features...
thnx!
--
Have fun!
chd
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807250700.m6P70FSF036132>