This is the mail archive of the java-patches@gcc.gnu.org mailing list for the Java project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Patch: FYI: fix PR libgcj/24170

From: Tom Tromey <tromey at redhat dot com>
To: GCJ-patches <java-patches at gcc dot gnu dot org>
Date: Wed, 20 Feb 2008 11:21:42 -0700
Subject: Patch: FYI: fix PR libgcj/24170
Reply-to: Tom Tromey <tromey at redhat dot com>

PR libgcj/24170 concerns a potential security hole involving the use
of pathconf and readdir_r.

My recollection here is that back in ancient times when I wrote this,
I misunderstood the thread-safety aspects of readdir and thought that
we needed readdir_r.  However, that is not the case.  readdir_r is
only needed if multiple threads are trying to use the same directory
handle at the same time -- which is not what we do.

This patch solves the problem by deleting the readdir_r code.

Tom

ChangeLog:
2008-02-20  Tom Tromey  <tromey@redhat.com>

	PR libgcj/24170:
	* java/io/natFilePosix.cc (File::performList): Don't use
	readdir_r.
	* configure, include/config.h.in: Rebuilt.
	* configure.ac: Don't check for readdir_r.

Index: configure.ac
===================================================================
--- configure.ac	(revision 132440)
+++ configure.ac	(working copy)
@@ -1023,7 +1023,7 @@
    PLATFORMNET=NoNet
 else
    AC_CHECK_FUNCS([strerror_r select fstat open fsync sleep opendir \
-                   localtime_r readdir_r getpwuid_r getcwd \
+                   localtime_r getpwuid_r getcwd \
 		   access stat lstat mkdir rename rmdir unlink utime chmod readlink \
 		   nl_langinfo setlocale \
 		   inet_pton uname inet_ntoa \
Index: java/io/natFilePosix.cc
===================================================================
--- java/io/natFilePosix.cc	(revision 132440)
+++ java/io/natFilePosix.cc	(working copy)
@@ -1,6 +1,6 @@
 // natFile.cc - Native part of File class for POSIX.
 
-/* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2006
+/* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2006, 2008
    Free Software Foundation
 
    This file is part of libgcj.
@@ -292,13 +292,7 @@
 
   java::util::ArrayList *list = new java::util::ArrayList ();
   struct dirent *d;
-#if defined(HAVE_READDIR_R) && defined(_POSIX_PTHREAD_SEMANTICS)
-  int name_max = pathconf (buf, _PC_NAME_MAX);
-  char dbuf[sizeof (struct dirent) + name_max + 1];
-  while (readdir_r (dir, (struct dirent *) dbuf, &d) == 0 && d != NULL)
-#else /* HAVE_READDIR_R */
   while ((d = readdir (dir)) != NULL)
-#endif /* HAVE_READDIR_R */
     {
       // Omit "." and "..".
       if (d->d_name[0] == '.'

Follow-Ups:
- Re: Patch: FYI: fix PR libgcj/24170
  - From: David Daney

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]