Bug 14700

Summary: opendir: potential integer overflow
Product: glibc Reporter: Florian Weimer <fweimer>
Component: libcAssignee: Florian Weimer <fweimer>
Status: RESOLVED FIXED    
Severity: normal CC: drepper.fsp
Priority: P2 Flags: fweimer: security-
Version: unspecified   
Target Milestone: 2.17   
Host: Target:
Build: Last reconfirmed:

Description Florian Weimer 2012-10-11 14:37:52 UTC
In __alloc_dir in sysdeps/posix/opendir.c, st_blksize can be a large value from a source which is not necessarily trusted.  Therefore, we should check that the addition does not overflow and fall back to default_allocation in that case.
Comment 1 Florian Weimer 2012-11-29 15:14:20 UTC
Fixed in commit 172a631a1fc8ec8fcef80af1f91438d092957c3e.