Thanks Marcelo. It's embarassing how many memory bugs I've put into
bindfs recently.
1.10.7 should be clean (ran test suite with valgrind), but if you want
to base off 1.10.3 due to a feature freeze or something, then please use
the attached two patches instead. One is a more comprehensive fix to
readdir that can handle any failure of pathconf for any reason. The
other fixes another serious memory error in 1.10.3.
Thanks and my apologies.
Martin
--- bindfs-1.10.3/src/bindfs.c 2012-05-18 16:45:33.000000000 +0300
+++ bindfs-new/src/bindfs.c 2012-07-15 12:12:39.748468808 +0300
@@ -54,6 +54,7 @@
#include <assert.h>
#include <pwd.h>
#include <grp.h>
+#include <limits.h>
#ifdef HAVE_SETXATTR
#include <sys/xattr.h>
#endif
@@ -399,9 +400,16 @@
struct dirent *de;
struct stat st;
int result = 0;
- (void) path;
+ long pc_ret;
- de_buf = malloc(offsetof(struct dirent, d_name) + pathconf(path, _PC_NAME_MAX) + 1);
+ path = process_path(path);
+
+ pc_ret = pathconf(path, _PC_NAME_MAX);
+ if (pc_ret < 0) {
+ DPRINTF("pathconf failed: %d", errno);
+ pc_ret = NAME_MAX;
+ }
+ de_buf = malloc(offsetof(struct dirent, d_name) + pc_ret + 1);
seekdir(dp, offset);
while (1) {
--- bindfs-1.10.3/src/usermap.c 2012-05-18 16:45:33.000000000 +0300
+++ bindfs-1.10.4/src/usermap.c 2012-06-18 08:57:55.000000000 +0300
@@ -44,7 +44,11 @@
return usermap_status_ok;
}
if (map->user_size == map->user_capacity) {
- map->user_capacity *= 2;
+ if (map->user_capacity == 0) {
+ map->user_capacity = 8;
+ } else {
+ map->user_capacity *= 2;
+ }
map->user_from = (uid_t*)realloc(map->user_from, map->user_capacity * sizeof(uid_t));
map->user_to = (uid_t*)realloc(map->user_to, map->user_capacity * sizeof(uid_t));
}
@@ -65,7 +69,11 @@
return usermap_status_ok;
}
if (map->group_size == map->group_capacity) {
- map->group_capacity *= 2;
+ if (map->group_capacity == 0) {
+ map->group_capacity = 8;
+ } else {
+ map->group_capacity *= 2;
+ }
map->group_from = (gid_t*)realloc(map->group_from, map->group_capacity * sizeof(gid_t));
map->group_to = (gid_t*)realloc(map->group_to, map->group_capacity * sizeof(gid_t));
}