LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-01-06 11:09:05 +03:00
Code Issues Packages Projects Releases Wiki Activity

Kernel+LibC: Don't crash upon traversal of large directories.

Browse Source
This commit is contained in:
Andreas Kling 2019-03-20 18:31:12 +01:00
parent 7b32afdcfc
commit 86e2348b74
Notes: sideshowbarker 2024-07-19 14:59:16 +09:00 
Author: https://github.com/awesomekling
Commit: https://github.com/SerenityOS/serenity/commit/86e2348b74d
2 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Kernel/FileDescriptor.cpp
View File

@ -278,8 +278,9 @@ ssize_t FileDescriptor::get_dir_entries(byte* buffer, ssize_t size)
if (!metadata.is_directory())
return -ENOTDIR;
// FIXME: Compute the actual size needed.
auto temp_buffer = ByteBuffer::create_uninitialized(2048);
int size_to_allocate = max(PAGE_SIZE, metadata.size);
auto temp_buffer = ByteBuffer::create_uninitialized(size_to_allocate);
BufferStream stream(temp_buffer);
VFS::the().traverse_directory_inode(*m_inode, [&stream] (auto& entry) {
stream << (dword)entry.inode.index();
@ -288,11 +289,12 @@ ssize_t FileDescriptor::get_dir_entries(byte* buffer, ssize_t size)
stream << entry.name;
return true;
});
stream.snip();
if (size < stream.offset())
if (size < temp_buffer.size())
return -1;
memcpy(buffer, temp_buffer.pointer(), stream.offset());
memcpy(buffer, temp_buffer.pointer(), temp_buffer.size());
return stream.offset();
}

13
LibC/dirent.cpp
View File

@ -5,6 +5,9 @@
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <AK/StdLibExtras.h>
#include <Kernel/Syscall.h>
extern "C" {
@ -54,9 +57,13 @@ dirent* readdir(DIR* dirp)
return nullptr;
if (!dirp->buffer) {
// FIXME: Figure out how much to actually allocate.
dirp->buffer = (char*)malloc(4096);
ssize_t nread = syscall(SC_get_dir_entries, dirp->fd, dirp->buffer, 4096);
struct stat st;
int rc = fstat(dirp->fd, &st);
if (rc < 0)
return nullptr;
size_t size_to_allocate = max(st.st_size, 4096);
dirp->buffer = (char*)malloc(size_to_allocate);
ssize_t nread = syscall(SC_get_dir_entries, dirp->fd, dirp->buffer, size_to_allocate);
dirp->buffer_size = nread;
dirp->nextptr = dirp->buffer;
}