This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: sparc 32-bit dirent broken

From: David Miller <davem at davemloft dot net>
To: fweimer at redhat dot com
Cc: libc-alpha at sourceware dot org
Date: Thu, 10 Oct 2013 15:17:53 -0400 (EDT)
Subject: Re: sparc 32-bit dirent broken
Authentication-results: sourceware.org; auth=none
References: <20131010 dot 150549 dot 1493772166605383173 dot davem at davemloft dot net> <5256FB64 dot 3090803 at redhat dot com>

From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 10 Oct 2013 21:09:24 +0200

> On 10/10/2013 09:05 PM, David Miller wrote:
>>
>> Commit:
>>
>> CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
>>
>> broke dirent on sparc.
>>
>> I suspect it has something to do with alignment.  On 32-bit
>> sparc things must be aligned on a 64-bit boundary even though
>> "long" is only 32-bit.  So that might have something to do
>> with the issue.
> 
> Sorry about that.  Can you post strace output showing the complete
> buffer that arrives from the kernel?

I'm currently testing simply putting that MIN() on reclen back,
I am almost certain that is going to fix things.

Follow-Ups:
- Re: sparc 32-bit dirent broken
  - From: David Miller

References:
- sparc 32-bit dirent broken
  - From: David Miller
- Re: sparc 32-bit dirent broken
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]