From: Theodore Ts'o <tytso@mit.edu>
Date: Mon, 1 Sep 2008 13:38:32 +0000 (-0400)
Subject: libe2p: Fix potential core-dumping bug in iterate_on_dir()
X-Git-Tag: v1.41.1~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7fd2651f67a43fad3cc1cc2db7c0e5f9c568023c;p=thirdparty%2Fe2fsprogs.git

libe2p: Fix potential core-dumping bug in iterate_on_dir()

iterate_on_dir() can try to copy too much data from the directory
entry, resulting in a crash.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
---

diff --git a/lib/e2p/iod.c b/lib/e2p/iod.c
index 2c675b9d9..1edfc4f2e 100644
--- a/lib/e2p/iod.c
+++ b/lib/e2p/iod.c
@@ -56,12 +56,12 @@ int iterate_on_dir (const char * dir_name,
 		return -1;
 	}
 	while ((dep = readdir (dir))) {
-		len = sizeof(struct dirent);
 #ifdef HAVE_RECLEN_DIRENT
-		if (len < dep->d_reclen)
-			len = dep->d_reclen;
+		len = dep->d_reclen;
 		if (len > max_len)
 			len = max_len;
+#else
+		len = sizeof(struct dirent);
 #endif
 		memcpy(de, dep, len);
 		if ((*func)(dir_name, de, private))