Bug #736 (closed): Buffer overflow in FileStore::collection_list_partial

Added by Colin McCabe over 13 years ago. Updated over 13 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
% Done: 0%

Description

FileStore::collection_list_partial calls readdir_r without actually allocating space for the dirent. A properly crafted filename will cause a buffer overflow.

It is safe to use readdir() in glibc as long as you don't share the directory file descriptor between multiple threads. Recommend creating a wrapper function that does this on glibc systems, and does the elaborate (and expensive) readdir_r workaround on non-glibc ones.

More information about the problem here: http://womble.decadent.org.uk/readdir_r-advisory.html
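The wrapper recommended above, written out as an added example (this is not Ceph code and not the reporter's patch; the function names dirent_buf_size, safe_readdir and demo_walk_scratch_dir are assumptions made here). On glibc it takes the readdir() path the report describes; elsewhere it calls readdir_r() with a buffer sized from the directory's own _PC_NAME_MAX, which is exactly the allocation that was missing. The demo function builds a scratch directory containing a 255-byte filename, the kind of "properly crafted" name that overruns an undersized dirent, and checks that it comes back intact.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Smallest buffer that can hold any entry this directory can produce: the fixed
 * header up to d_name, plus the filesystem's maximum name length, plus the NUL.
 * Asking the directory itself (fpathconf) matters because NAME_MAX is only a
 * compile-time guess; some filesystems permit longer names than the constant. */
size_t dirent_buf_size(DIR *dirp) {
    long name_max = fpathconf(dirfd(dirp), _PC_NAME_MAX);
    if (name_max == -1) {            /* no limit reported: fall back to the constant */
#ifdef NAME_MAX
        name_max = NAME_MAX;
#else
        name_max = 255;
#endif
    }
    size_t need = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    return need > sizeof(struct dirent) ? need : sizeof(struct dirent);
}

/* Portable wrapper (hypothetical name). On glibc use readdir(), which is safe as
 * long as the DIR stream is not shared between threads, and copy the entry into
 * the caller's buffer; elsewhere use readdir_r() with a buffer of at least
 * dirent_buf_size() bytes. Returns 0 with *result = entry, 0 with *result = NULL
 * at end of directory, or an errno value on failure. */
int safe_readdir(DIR *dirp, struct dirent *buf, size_t bufsize, struct dirent **result) {
#if defined(__GLIBC__)
    errno = 0;
    struct dirent *ent = readdir(dirp);
    if (ent == NULL) {
        *result = NULL;
        return errno;                /* 0 at end of stream, otherwise the error */
    }
    size_t need = offsetof(struct dirent, d_name) + strlen(ent->d_name) + 1;
    if (need > bufsize) {            /* cannot happen for a correctly sized buffer */
        *result = NULL;
        return ENAMETOOLONG;
    }
    memcpy(buf, ent, need);
    *result = buf;
    return 0;
#else
    return readdir_r(dirp, buf, result);
#endif
}

/* Constructed fixture: a scratch directory holding a short name and a 255-byte
 * name (the longest ext4/tmpfs allow), walked through safe_readdir. Returns the
 * number of regular entries seen (2 on success) only if the long name was read
 * back whole; -1 on any failure. */
int demo_walk_scratch_dir(void) {
    char dir[] = "/tmp/readdir-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;

    char longname[256];
    memset(longname, 'x', 255);
    longname[255] = '\0';
    const char *names[] = { "short.txt", longname };
    char path[4096];
    for (int i = 0; i < 2; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0) return -1;
        close(fd);
    }

    int seen = 0, long_ok = 0, rc = 0;
    DIR *dp = opendir(dir);
    if (dp == NULL) return -1;
    size_t bufsize = dirent_buf_size(dp);
    struct dirent *buf = malloc(bufsize);   /* sized for this directory, not guessed */
    struct dirent *ent;
    while (buf && (rc = safe_readdir(dp, buf, bufsize, &ent)) == 0 && ent != NULL) {
        if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue;
        seen++;
        if (strcmp(ent->d_name, longname) == 0) long_ok = 1;
    }
    free(buf);
    closedir(dp);

    for (int i = 0; i < 2; i++) {    /* remove the fixture again */
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return (rc == 0 && long_ok) ? seen : -1;
}

int main(void) {
    int n = demo_walk_scratch_dir();
    printf("entries seen: %d\n", n);
    return n == 2 ? 0 : 1;
}
```

The glibc branch copies only the bytes the entry actually occupies, so the caller's buffer never needs to be larger than dirent_buf_size() reports; the readdir_r branch relies on that same size, which is the contract readdir_r's interface leaves to the caller and that the original call site omitted.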

#1 - Updated by Colin McCabe over 13 years ago

  • Status changed from New to Resolved
