Kernel+LibC: Don't crash upon traversal of large directories.

This commit is contained in:
Andreas Kling 2019-03-20 18:31:12 +01:00
parent 7b32afdcfc
commit 86e2348b74
Notes: sideshowbarker 2024-07-19 14:59:16 +09:00
2 changed files with 16 additions and 7 deletions

View File

@ -278,8 +278,9 @@ ssize_t FileDescriptor::get_dir_entries(byte* buffer, ssize_t size)
if (!metadata.is_directory()) if (!metadata.is_directory())
return -ENOTDIR; return -ENOTDIR;
// FIXME: Compute the actual size needed. int size_to_allocate = max(PAGE_SIZE, metadata.size);
auto temp_buffer = ByteBuffer::create_uninitialized(2048);
auto temp_buffer = ByteBuffer::create_uninitialized(size_to_allocate);
BufferStream stream(temp_buffer); BufferStream stream(temp_buffer);
VFS::the().traverse_directory_inode(*m_inode, [&stream] (auto& entry) { VFS::the().traverse_directory_inode(*m_inode, [&stream] (auto& entry) {
stream << (dword)entry.inode.index(); stream << (dword)entry.inode.index();
@ -288,11 +289,12 @@ ssize_t FileDescriptor::get_dir_entries(byte* buffer, ssize_t size)
stream << entry.name; stream << entry.name;
return true; return true;
}); });
stream.snip();
if (size < stream.offset()) if (size < temp_buffer.size())
return -1; return -1;
memcpy(buffer, temp_buffer.pointer(), stream.offset()); memcpy(buffer, temp_buffer.pointer(), temp_buffer.size());
return stream.offset(); return stream.offset();
} }

View File

@ -5,6 +5,9 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <AK/StdLibExtras.h>
#include <Kernel/Syscall.h> #include <Kernel/Syscall.h>
extern "C" { extern "C" {
@ -54,9 +57,13 @@ dirent* readdir(DIR* dirp)
return nullptr; return nullptr;
if (!dirp->buffer) { if (!dirp->buffer) {
// FIXME: Figure out how much to actually allocate. struct stat st;
dirp->buffer = (char*)malloc(4096); int rc = fstat(dirp->fd, &st);
ssize_t nread = syscall(SC_get_dir_entries, dirp->fd, dirp->buffer, 4096); if (rc < 0)
return nullptr;
size_t size_to_allocate = max(st.st_size, 4096);
dirp->buffer = (char*)malloc(size_to_allocate);
ssize_t nread = syscall(SC_get_dir_entries, dirp->fd, dirp->buffer, size_to_allocate);
dirp->buffer_size = nread; dirp->buffer_size = nread;
dirp->nextptr = dirp->buffer; dirp->nextptr = dirp->buffer;
} }