On 10/02/2015 02:37 PM, Sebastian Huber wrote:
>
>
> On 02/10/15 14:16, Florian Weimer wrote:
>> On 09/29/2015 01:37 PM, Jonathan Wakely wrote:
>>>
>>> >POSIX says that dirent::d_name has an unspecified length, so calls to
>>> >readdir_r must pass a buffer with enough trailing space for
>>> >{NAME_MAX}+1 characters. I wasn't doing that, which works OK on
>>> >GNU/Linux and BSD where d_name is a large array, but fails on Solaris
>>> >32-bit.
>>> >
>>> >This uses pathconf to get NAME_MAX and allocates a buffer.
>> This still has a buffer overflow on certain file systems.
>>
>> You must not use readdir_r, it is deprecated and always insecure. We
>> should probably mark it as such in the glibc headers.
>
> The READDIR(3) man page should be updated as well, since it doesn't
> mention that readdir_r() is deprecated and always insecure.

Right, and I filed:

https://bugzilla.kernel.org/show_bug.cgi?id=105391

Florian
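
The alternative to the pattern discussed in this thread, as an added example that is not part of any message here and is not code from the patch or from glibc: the directory is walked with readdir() and each name is copied into a buffer sized from the name itself, so no NAME_MAX or pathconf() value is trusted. The function names `longest_entry` and `make_sample_dir`, the `/tmp/readdir_demo_XXXXXX` template and the sample directory are constructed for the illustration, and the code assumes the directory stream is used by one thread only.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a malloc'd copy of the longest entry name in `path`, or NULL with
   errno set on failure. The copy is sized from the name itself, not NAME_MAX. */
char *longest_entry(const char *path)
{
    DIR *dir = opendir(path);
    char *best = NULL;
    struct dirent *e;
    if (dir == NULL) return NULL;
    /* readdir() returns NULL for end of stream and for errors: clear errno first */
    while (errno = 0, (e = readdir(dir)) != NULL) {
        size_t len = strlen(e->d_name);
        if (best != NULL && len <= strlen(best)) continue;
        char *copy = realloc(best, len + 1);
        if (copy == NULL) { errno = ENOMEM; break; }
        memcpy(copy, e->d_name, len + 1);
        best = copy;
    }
    int saved = errno;  /* still 0 if the stream simply ended */
    closedir(dir);
    if (saved != 0) { free(best); best = NULL; }
    errno = saved;
    return best;
}

/* Constructed sample input: a temporary directory with one 200-byte file name. */
int make_sample_dir(char *tmpl)
{
    char path[512], name[201] = {0};
    memset(name, 'a', 200);
    if (mkdtemp(tmpl) == NULL) return -1;
    snprintf(path, sizeof path, "%s/%s", tmpl, name);
    FILE *f = fopen(path, "w");
    return f ? fclose(f) : -1;
}

int main(void)
{
    char tmpl[] = "/tmp/readdir_demo_XXXXXX";
    char *name = make_sample_dir(tmpl) == 0 ? longest_entry(tmpl) : NULL;
    printf("longest entry: %zu bytes\n", name ? strlen(name) : (size_t)0);
    free(name);
    return 0;
}
```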