From: Takeshi Mouri (takeshi.mouri.net_at_[hidden])
Date: 2005-12-19 05:54:27


Hello,

On Boost 1.33.0 or later,
class directory_iterator is implemented with readdir_r()
for some POSIX platforms.
readdir_r() requires a memory buffer which is larger than
offsetof(dirent,d_name) + pathconf(dirname,_PC_NAME_MAX) + 1.
But in operations.cpp, the size is sizeof(dirent).

On some platforms such as Linux, FreeBSD and Cygwin,
the size of the d_name member is 256.
This is a large enough size in many cases.
OTOH, the size on Solaris and BeOS is 1.
Therefore directory_iterator always causes a buffer overflow.

See also:
http://thread.gmane.org/gmane.comp.lib.boost.devel/115104
http://womble.decadentplace.org.uk/readdir_r-advisory.html

In the article above,
calling readdir_r() after pathconf() has a race condition,
so it is necessary to secure a size that seems to be perhaps enough.

Possibly, this problem might cause
http://thread.gmane.org/gmane.comp.lib.boost.devel/135820

Regards,
Takeshi Mouri
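The sizing rule the post describes, as an added example that is not Boost code and not taken from the linked advisory: the buffer handed to readdir_r() is computed from offsetof(dirent, d_name) plus the file-system name limit, with a fallback to NAME_MAX (never below the 255-character POSIX minimum), and is never allowed to be smaller than sizeof(struct dirent). The limit is queried with fpathconf() on the already-open directory handle rather than pathconf() on the path, which avoids the path-based race the post mentions. The function names dirent_buf_size, count_dir_entries and buffer_size_ok are assumptions for this example; readdir_r() itself is deprecated in glibc 2.24 and later, so the deprecation warning is silenced with a pragma.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for dirfd(), fpathconf(), readdir_r() */
#endif
#include <dirent.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* glibc >= 2.24 marks readdir_r() deprecated; this example uses it on
   purpose to show how the buffer must be sized when it is used. */
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"

/* Hypothetical helper (not Boost's): size a readdir_r() buffer so that it is
   safe no matter how large the platform declares dirent::d_name
   (256 on Linux/FreeBSD/Cygwin, 1 on Solaris/BeOS per the post above).
   Using sizeof(struct dirent) alone is the undersized allocation the post
   reports; the rule here is offsetof(dirent, d_name) + name_max + 1,
   never smaller than sizeof(struct dirent). */
size_t dirent_buf_size(DIR *dirp)
{
    long name_max = -1;
#if defined(_PC_NAME_MAX)
    /* Query the open handle, not the path name: there is no window in which
       the path could be swapped for a directory on a different file system. */
    name_max = fpathconf(dirfd(dirp), _PC_NAME_MAX);
#endif
    if (name_max == -1) {
        /* No limit reported (or query unsupported): fall back to the
           compile-time NAME_MAX, but never below the POSIX minimum of 255. */
#if defined(NAME_MAX)
        name_max = NAME_MAX > 255 ? NAME_MAX : 255;
#else
        name_max = 255;
#endif
    }
    size_t name_end = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    return name_end > sizeof(struct dirent) ? name_end : sizeof(struct dirent);
}

/* Iterate a directory with readdir_r() into a buffer sized by
   dirent_buf_size(). Returns the number of entries, or -1 on error. */
long count_dir_entries(const char *path)
{
    DIR *dirp = opendir(path);
    if (dirp == NULL)
        return -1;

    size_t len = dirent_buf_size(dirp);
    struct dirent *buf = malloc(len);
    if (buf == NULL) {
        closedir(dirp);
        return -1;
    }

    long count = 0;
    struct dirent *result = NULL;
    for (;;) {
        int rc = readdir_r(dirp, buf, &result);
        if (rc != 0) {          /* read error: errno-style code returned */
            count = -1;
            break;
        }
        if (result == NULL)     /* end of directory */
            break;
        ++count;
    }
    free(buf);
    closedir(dirp);
    return count;
}

/* Returns 1 if the computed buffer for `path` satisfies both safety
   conditions (at least sizeof(struct dirent) and room for a 255-byte name
   plus NUL), 0 otherwise, -1 if the directory cannot be opened. */
int buffer_size_ok(const char *path)
{
    DIR *dirp = opendir(path);
    if (dirp == NULL)
        return -1;
    size_t n = dirent_buf_size(dirp);
    closedir(dirp);
    return (n >= sizeof(struct dirent) &&
            n >= offsetof(struct dirent, d_name) + 255 + 1) ? 1 : 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : ".";
    DIR *dirp = opendir(path);
    if (dirp == NULL) {
        perror("opendir");
        return 1;
    }
    printf("sizeof(struct dirent)       = %zu\n", sizeof(struct dirent));
    printf("required readdir_r() buffer = %zu\n", dirent_buf_size(dirp));
    closedir(dirp);
    printf("entries in %s: %ld\n", path, count_dir_entries(path));
    return 0;
}
```

On Linux the two printed sizes are usually equal because d_name is already 256 bytes wide; on a platform that declares d_name as a single byte, the second number is the one that prevents the overflow.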

