From: Beman Dawes (bdawes_at_[hidden])
Date: 2005-12-20 13:42:35


"Beman Dawes" <bdawes_at_[hidden]> wrote in message
news:do7smm$p9u$1_at_sea.gmane.org...
>
> "Takeshi Mouri" <takeshi.mouri.net_at_[hidden]> wrote in message
> news:B7C6048A94ECDFtakeshi.mouri.net_at_green.ocn.ne.jp...
>> Hello,
>>
>> On Boost 1.33.0 or later,
>> class directory_iterator is implemented with readdir_r()
>> on some POSIX platforms.
>> readdir_r() requires a memory buffer which is larger than
>> offsetof(dirent,d_name) + pathconf(dirname,_PC_NAME_MAX) + 1.
>> But in operations.cpp, the size is sizeof(dirent).
>>
>> On some platforms such as Linux, FreeBSD and Cygwin,
>> the size of the d_name member is 256.
>> This is a sufficient size in many cases.
>> OTOH, the size on Solaris and BeOS is 1.
>> Therefore directory_iterator always causes a buffer overflow.
>
> Ouch! I was misreading the POSIX spec.
>
>> See also:
>> http://thread.gmane.org/gmane.comp.lib.boost.devel/115104
>> http://womble.decadentplace.org.uk/readdir_r-advisory.html
>>
>> In the article above,
>> calling readdir_r() after pathconf() has a race condition,
>> so it is necessary to reserve a size that seems likely to be enough.
>>
>> Possibly, this problem might cause
>> http://thread.gmane.org/gmane.comp.lib.boost.devel/135820
>
> The same thought occurred to me.
>
> I'll try to get a fix in tomorrow.
>
> Thanks for the report,

CVS head has now been updated.

--Beman
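An added example (my own code, not the Boost operations.cpp fix) of the buffer sizing discussed in this thread: the buffer passed to readdir_r() is the larger of sizeof(struct dirent) and offsetof(struct dirent, d_name) + name_max + 1, with name_max queried through fpathconf() on the already-open directory rather than pathconf() on a path name, so the size cannot be computed against a different directory than the one being read. The names dirent_buf_size and count_entries are mine; glibc now marks readdir_r() deprecated in favour of readdir(), but it is kept here because it is the API the report concerns.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Size of a readdir_r() buffer that is safe on every POSIX platform,
 * including those where dirent::d_name is declared as char[1].
 * fpathconf() on the open directory avoids the pathconf()-by-name race:
 * the limit is read from the same directory that readdir_r() will scan. */
size_t dirent_buf_size(DIR *dirp) {
    long name_max = fpathconf(dirfd(dirp), _PC_NAME_MAX);
    if (name_max == -1) {          /* limit indeterminate: fall back */
#ifdef NAME_MAX
        name_max = NAME_MAX;
#else
        name_max = 255;            /* conservative guess */
#endif
    }
    size_t needed = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    /* sizeof(struct dirent) alone is what overflowed on Solaris/BeOS;
     * take the maximum so neither layout can be too small. */
    return needed > sizeof(struct dirent) ? needed : sizeof(struct dirent);
}

/* Count the entries in `path` with a correctly sized buffer.
 * Returns -1 if the directory cannot be opened or memory is exhausted. */
long count_entries(const char *path) {
    DIR *dirp = opendir(path);
    if (!dirp) return -1;
    struct dirent *buf = malloc(dirent_buf_size(dirp));
    if (!buf) { closedir(dirp); return -1; }
    long n = 0;
    struct dirent *result;
    while (readdir_r(dirp, buf, &result) == 0 && result != NULL) n++;
    free(buf);
    closedir(dirp);
    return n;
}

int main(void) {
    DIR *d = opendir(".");
    if (d) {
        printf("sizeof(struct dirent) = %zu, buffer needed = %zu\n",
               sizeof(struct dirent), dirent_buf_size(d));
        closedir(d);
    }
    printf("entries in '.': %ld\n", count_entries("."));
    return 0;
}
```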


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk