apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From i...@apache.org
Subject svn commit: r1860747 - in /apr/apr/trunk: file_io/win32/dir.c test/testdir.c
Date Fri, 07 Jun 2019 12:01:29 GMT
Author: ivan
Date: Fri Jun  7 12:01:28 2019
New Revision: 1860747

URL: http://svn.apache.org/viewvc?rev=1860747&view=rev
Log:
Windows platform: Fix access to uninitialized memory in apr_dir_read() when
wanted is more than APR_FINFO_MIN.

Modified:
    apr/apr/trunk/file_io/win32/dir.c
    apr/apr/trunk/test/testdir.c

Modified: apr/apr/trunk/file_io/win32/dir.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/file_io/win32/dir.c?rev=1860747&r1=1860746&r2=1860747&view=diff
==============================================================================
--- apr/apr/trunk/file_io/win32/dir.c (original)
+++ apr/apr/trunk/file_io/win32/dir.c Fri Jun  7 12:01:28 2019
@@ -172,8 +172,18 @@ APR_DECLARE(apr_status_t) apr_dir_read(a
         /* Almost all our work is done.  Tack on the wide file name
          * to the end of the wdirname (already / delimited)
          */
-        if (!eos)
+        if (!eos) {
+            /* It's more efficient to store WDIRNAME in THEDIR,
+             * but let's make simple fix first. */
+            if ((rv = utf8_to_unicode_path(wdirname, sizeof(wdirname)
+                                                     / sizeof(apr_wchar_t),
+                                           thedir->dirname))) {
+                return rv;
+            }
+
             eos = wcschr(wdirname, '\0');
+        }
+
         wcscpy(eos, thedir->w.entry->cFileName);
         rv = more_finfo(finfo, wdirname, wanted, MORE_OF_WFSPEC);
         eos[0] = '\0';

Modified: apr/apr/trunk/test/testdir.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/test/testdir.c?rev=1860747&r1=1860746&r2=1860747&view=diff
==============================================================================
--- apr/apr/trunk/test/testdir.c (original)
+++ apr/apr/trunk/test/testdir.c Fri Jun  7 12:01:28 2019
@@ -378,6 +378,57 @@ static void test_rmkdir_nocwd(abts_case
     APR_ASSERT_SUCCESS(tc, "remove cwd", apr_dir_remove(path, p));
 }
 
+static void test_readmore_info(abts_case* tc, void* data)
+{
+    apr_status_t rv;
+    apr_dir_t* dir;
+    apr_file_t* thefile;
+    apr_finfo_t finfo;
+    /* Ask for information that is not stored in dirent. */
+    apr_uint32_t wanted = APR_FINFO_MIN | APR_FINFO_OWNER;
+
+    rv = apr_dir_make("dir1",
+                      APR_FPROT_UREAD | APR_FPROT_UWRITE | APR_FPROT_UEXECUTE,
+                      p);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+    rv = apr_file_open(&thefile, "dir1/file1",
+                       APR_FOPEN_READ | APR_FOPEN_WRITE | APR_FOPEN_CREATE,
+                       APR_FPROT_OS_DEFAULT, p);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+    rv = apr_file_close(thefile);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+    rv = apr_file_open(&thefile, "dir1/file2",
+                       APR_FOPEN_READ | APR_FOPEN_WRITE | APR_FOPEN_CREATE,
+                       APR_FPROT_OS_DEFAULT, p);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+    rv = apr_file_close(thefile);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+    rv = apr_dir_open(&dir, "dir1", p);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+    while (1) {
+        rv = apr_dir_read(&finfo, wanted, dir);
+        if (APR_STATUS_IS_ENOENT(rv))
+            break;
+
+        ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+        ABTS_TRUE(tc, finfo.valid & wanted);
+    }
+
+    apr_dir_close(dir);
+
+    rv = apr_file_remove("dir1/file1", p);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+    rv = apr_file_remove("dir1/file2", p);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+
+    rv = apr_dir_remove("dir1", p);
+    ABTS_INT_EQUAL(tc, APR_SUCCESS, rv);
+}
 
 abts_suite *testdir(abts_suite *suite)
 {
@@ -399,6 +450,7 @@ abts_suite *testdir(abts_suite *suite)
     abts_run_test(suite, test_opendir_notthere, NULL);
     abts_run_test(suite, test_closedir, NULL);
     abts_run_test(suite, test_uncleared_errno, NULL);
+    abts_run_test(suite, test_readmore_info, NULL);
 
     return suite;
 }



Mime
View raw message