Your message dated Thu, 13 Oct 2016 16:59:28 +0200 with message-id <ca6b64db-115f-f5d1-9213-c8a34a04f...@debian.org> and subject line Bug housekeeping has caused the Debian Bug report #715261, regarding readdir(3): readdir_r should be strongly discouraged due to security reasons to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 715261: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715261 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: manpages-dev Version: 3.51-1 Severity: normal The readdir(3) / readdir_r(3) man page says about readdir_r(): Since POSIX.1 does not specify the size of the d_name field, and other nonstandard fields may precede that field within the dirent structure, portable applications that use readdir_r() should allocate the buffer whose address is passed in entry as follows: name_max = pathconf(dirpath, _PC_NAME_MAX); if (name_max == -1) /* Limit not defined, or error */ name_max = 255; /* Take a guess */ len = offsetof(struct dirent, d_name) + name_max + 1; entryp = malloc(len); But if name_max is wrong and a file has a name greater than what has been allocated for d_name, this will yield a buffer overflow. Thus the man page should strongly discourage the use of readdir_r() for security reasons. See http://elliotth.blogspot.fr/2012/10/how-not-to-use-readdirr3.html Note that even if pathconf doesn't fail, this is not safe due to the race condition (as mentioned at the above URL) and also because _PC_NAME_MAX just means "the maximum length of a filename in the directory path [or fd] that the process is allowed to create."; other processes may have created longer filenames, and indeed the pathconf(3) man page says: Files with name lengths longer than the value returned for _name_ equal to _PC_NAME_MAX may exist in the given directory. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.9-1-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages manpages-dev depends on: ii manpages 3.51-1 manpages-dev recommends no packages. Versions of packages manpages-dev suggests: ii man-db [man-browser] 2.6.5-2 -- no debconf information
--- End Message ---
--- Begin Message ---Version: 4.05-1 Hi, this bug should be fixed with the latest upload of manpages. Regards, Tobias
Description: OpenPGP digital signature
--- End Message ---