Bug #736 (closed)
Buffer overflow in FileStore::collection_list_partial
Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
% Done: 0%
Description
FileStore::collection_list_partial calls readdir_r without actually allocating space for the dirent. A properly crafted filename will cause a buffer overflow.
It is safe to use readdir() in glibc as long as you don't share the directory file descriptor between multiple threads. Recommend creating a wrapper function that does this on glibc systems, and does the elaborate (and expensive) readdir_r workaround on non-glibc ones.
More information about the problem here: http://womble.decadent.org.uk/readdir_r-advisory.html
Updated by Colin McCabe over 13 years ago
- Status changed from New to Resolved
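The two approaches named in the description, as an added example that is not Ceph's code or its fix: a `readdir()` wrapper that bounds-checks the copy of `d_name`, and the buffer size a `readdir_r()` caller would have to allocate. The function names are hypothetical, and sizing from `fpathconf(_PC_NAME_MAX)` is an assumption about how the limit is obtained.

```c
/* Added example; helper names are hypothetical, not Ceph code. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Bytes a readdir_r() caller must allocate for its struct dirent on this
 * directory's filesystem (header + longest name + NUL); 0 if unknown. */
size_t dirent_buf_size(DIR *dirp)
{
    long name_max = fpathconf(dirfd(dirp), _PC_NAME_MAX);
    if (name_max < 0)
        return 0;
    size_t need = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    return need > sizeof(struct dirent) ? need : sizeof(struct dirent);
}

/* readdir() wrapper for a DIR* owned by one thread. Returns 1 = name copied,
 * 0 = end of directory, -1 = error (ENAMETOOLONG if name exceeds outlen). */
int safe_next_name(DIR *dirp, char *out, size_t outlen)
{
    errno = 0;
    struct dirent *de = readdir(dirp);   /* entry storage belongs to dirp */
    if (de == NULL)
        return errno ? -1 : 0;
    size_t len = strlen(de->d_name);
    if (len >= outlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, de->d_name, len + 1);
    return 1;
}

/* Count the entries in path using a name buffer of buflen bytes; -1 on error. */
int count_entries(const char *path, size_t buflen)
{
    DIR *dirp = opendir(path);
    char *name = malloc(buflen);
    int rc = -1, n = 0;
    while (dirp && name && (rc = safe_next_name(dirp, name, buflen)) == 1)
        n++;
    free(name);
    if (dirp) closedir(dirp);
    return rc == 0 ? n : -1;
}
```

`count_entries()` shows the calling pattern: an undersized name buffer produces an error return instead of a write past the end of the buffer.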