On 10/30/2013 11:18 AM, Eric Blake wrote: > The only safe way to use readdir_r is to know the maximum d_name that > can possibly be returned, but there is no glfs_fpathconf() for > determining that information. Your example usage of glfs_readdir_r() > suggests that 512 bytes is large enough: > https://forge.gluster.org/glusterfs-core/glusterfs/blobs/f44ada6cd9bcc5ab98ca66bedde4fe23dd1c3f05/api/examples/glfsxmp.c > but I don't know if that is true. Okay, after a bit more investigation, I see: gf_dirent_to_dirent (gf_dirent_t *gf_dirent, struct dirent *dirent) { dirent->d_ino = gf_dirent->d_ino; #ifdef _DIRENT_HAVE_D_OFF dirent->d_off = gf_dirent->d_off; #endif #ifdef _DIRENT_HAVE_D_TYPE dirent->d_type = gf_dirent->d_type; #endif #ifdef _DIRENT_HAVE_D_NAMLEN dirent->d_namlen = strlen (gf_dirent->d_name); #endif strncpy (dirent->d_name, gf_dirent->d_name, 256); } I also discovered that 'getconf NAME_MAX /path/to/xfs/mount' is 255, so it looks like you got lucky (although strncpy is generally unsafe because it fails to write a NUL terminator if you truncate the string, it looks like you are guaranteed by XFS to never have a string that needs truncation). > You _do_ have the advantage that > since every brick backing a glusterfs volume is using an xfs file > system, then you only have to worry about the NAME_MAX of xfs - but I > don't know that value off the top of my head. Again, my research shows it is 255. > Can you please let me > know how big I should make my struct dirent to avoid buffer overflow, > and properly document this in <glusterfs/api/glfs.h>? Furthermore, can > you please provide a much saner glfs_readdir() so I don't have to worry > about contortions of using a broken-by-design function? These requests are still in force. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
