From mboxrd@z Thu Jan 1 00:00:00 1970
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Michael Roth
In-Reply-To: <1411096150-3044-1-git-send-email-zhang.zhanghailiang@huawei.com>
References: <1411096150-3044-1-git-send-email-zhang.zhanghailiang@huawei.com>
Message-ID: <20141001174755.19243.37707@loki>
Date: Wed, 01 Oct 2014 12:47:55 -0500
Subject: Re: [Qemu-devel] [PATCH v2] qga: Rewrite code where using readdir_r
To: zhanghailiang, qemu-devel@nongnu.org
Cc: armbru@redhat.com, luonengjun@huawei.com, peter.huangpeng@huawei.com, qemu-stable@nongnu.org, lcapitulino@redhat.com

Quoting zhanghailiang (2014-09-18 22:09:10)
> If readdir_r fails, error_setg_errno will reference the freed
> pointer *dirpath*.
>
> Moreover, readdir_r may cause a buffer overflow, using readdir instead.
>
> Signed-off-by: zhanghailiang

Thanks, applied to qga tree:

https://github.com/mdroth/qemu/commits/qga

> ---
> v2:
> - Switch readdir_r to readdir (Comment of Eric Blake)
> ---
> qga/commands-posix.c | 27 +++++++++++++++------------
> 1 file changed, 15 insertions(+), 12 deletions(-)
>
> diff --git a/qga/commands-posix.c b/qga/commands-posix.c > index 7eed7f4..f6f3e3c 100644 > --- a/qga/commands-posix.c > +++ b/qga/commands-posix.c > @@ -956,7 +956,7 @@ static void build_guest_fsinfo_for_virtual_device(cha= r const *syspath, > { > DIR *dir; > char *dirpath; > - struct dirent entry, *result; > + struct dirent *entry; > = > dirpath =3D g_strdup_printf("%s/slaves", syspath); > dir =3D opendir(dirpath); > @@ -965,22 +965,24 @@ static void build_guest_fsinfo_for_virtual_device(c= har const *syspath, > g_free(dirpath); > return; > } > - g_free(dirpath); > = > for (;;) { > - if (readdir_r(dir, &entry, &result) !=3D 0) { > - error_setg_errno(errp, errno, "readdir_r(\"%s\")", dirpath); > - break; > - } > - if (!result) { > + errno =3D 0; > + entry =3D readdir(dir); > + if (entry =3D=3D NULL) { > + if (errno) { > + error_setg_errno(errp, errno, "readdir(\"%s\")", dirpath= ); > + } > break; > } > = > - if (entry.d_type =3D=3D DT_LNK) { > - g_debug(" slave device '%s'", entry.d_name); > - dirpath =3D g_strdup_printf("%s/slaves/%s", syspath, entry.d= _name); > - build_guest_fsinfo_for_device(dirpath, fs, errp); > - g_free(dirpath); > + if (entry->d_type =3D=3D DT_LNK) { > + char *path; > + > + g_debug(" slave device '%s'", entry->d_name); > + path =3D g_strdup_printf("%s/slaves/%s", syspath, entry->d_n= ame); > + build_guest_fsinfo_for_device(path, fs, errp); > + g_free(path); > = > if (*errp) { > break; > @@ -988,6 +990,7 @@ static void build_guest_fsinfo_for_virtual_device(cha= r const *syspath, > } > } > = > + g_free(dirpath); > closedir(dir); > } > = > -- = > 1.7.12.4
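
Review bot: In the @@ -965,22 +965,24 @@ hunk, the `errno = 0;` placed before `entry = readdir(dir);` needs a one-line comment, because it is the only thing that lets `if (errno)` distinguish a read error from end-of-directory when readdir() returns NULL; without the comment a later cleanup could drop the assignment as redundant. The returned entry is only dereferenced before the next readdir() call, and `dir` is local to this function, so replacing readdir_r is safe here; stating that in the commit message would settle the thread-safety question for readers. Separately, the `if (*errp)` in the trailing context dereferences errp unconditionally, so the function depends on callers never passing NULL.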
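
Review bot: In the @@ -988,6 +990,7 @@ hunk, moving `g_free(dirpath);` to just before `closedir(dir);` leaves two release sites for dirpath: the early return after the failed opendir() and this one. Both are correct as written and every `break` in the loop reaches the new free, but routing the early return through the same cleanup path would make it harder to reintroduce the freed-pointer reference described in the commit message.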