On 09/29/2015 01:37 PM, Jonathan Wakely wrote:
> POSIX says that dirent::d_name has an unspecified length, so calls to
> readdir_r must pass a buffer with enough trailing space for
> {NAME_MAX}+1 characters. I wasn't doing that, which works OK on
> GNU/Linux and BSD where d_name is a large array, but fails on Solaris
> 32-bit.
>
> This uses pathconf to get NAME_MAX and allocates a buffer.
This still has a buffer overflow on certain file systems.
You must not use readdir_r, it is deprecated and always insecure. We
should probably mark it as such in the glibc headers.
Have we already released code which uses readdir_r?
Florian
