Date:   Wed, 13 Jun 2018 02:30:57 +0000
Subject: [Bug 200043] lseek returns negative positions for directories on
 ext4 fs

Theodore Tso ( changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #3 from Theodore Tso ( ---
The answer is it depends on what version of the standard.  Quoting from SUSv3:

The POSIX.1-1990 standard did not specifically prohibit lseek() from returning
a negative offset. Therefore, an application was required to clear errno prior
to the call and check errno upon return to determine whether a return value of
(off_t)-1 is a negative offset or an indication of an error condition. The
standard developers did not wish to require this action on the part of a
conforming application, and chose to require that errno be set to [EINVAL] when
the resulting file offset would be negative for a regular file, block special
file, or directory.

The main thing is that the standards don't require that read(2)/lseek(2) work
on directories; the only thing that is guaranteed to work is
readdir()/telldir()/seekdir().   And the standards don't define fdopendir(), so
there's no way to get access to the file descriptor associated with opendir(),
and so there's no standard way to call lseek() on a directory stream.   In
actual practice, if you use fdopendir() and then try to use lseek(2) on it, the
results will be chaos and readdir(2) will malfunction in various wild and
unpredictable ways.

In any case, the problem seems to be in glibc; the system call lseek(2) returns
64-bit offsets.  However, for backwards compatibility the lseek() function
visible to userspace uses a 32-bit off_t type.   And glibc is not properly
returning EOVERFLOW and is instead truncating the value returned by lseek.  You
can see this if you run strace on your test binary:

lseek(3, -10, SEEK_END)                 = 9223372036854775797
write(1, "lseek returned: -11 (errno = 0)\n", 32lseek returned: -11 (errno = 0)
) = 32
lseek(3, -1, SEEK_END)                  = 9223372036854775806
write(1, "lseek returned: -2 (errno = 0)\n", 31lseek returned: -2 (errno = 0)
) = 31

In practice, it probably doesn't matter, because no sane program will be using
lseek() in actual practice on a directory.  It should be using
opendir(2)/readdir(2)/telldir(2)/seekdir(3).   And that all works correctly.

You are receiving this mail because:
You are watching the assignee of the bug.
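
The narrowing described in the comment above, as an added example that is not part of the original message and is not glibc's code: it shows how the two 64-bit values from the strace output become -11 and -2 when only the low 32 bits are kept, next to a checked narrowing that reports EOVERFLOW instead. The helper names narrow_truncating() and narrow_checked() are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: keep only the low 32 bits of a 64-bit offset,
 * i.e. the silent truncation the comment describes. */
static int32_t narrow_truncating(int64_t off64)
{
    int64_t low = (int64_t)((uint64_t)off64 & 0xFFFFFFFFu);
    if (low > INT32_MAX)
        low -= 4294967296LL;    /* reinterpret as two's-complement 32-bit */
    return (int32_t)low;
}

/* Hypothetical helper: checked narrowing. A value that does not fit in a
 * 32-bit signed offset yields -1 with errno set to EOVERFLOW. */
static int32_t narrow_checked(int64_t off64)
{
    if (off64 < 0 || off64 > INT32_MAX) {
        errno = EOVERFLOW;
        return -1;
    }
    return (int32_t)off64;
}

int main(void)
{
    /* The two 64-bit return values shown in the strace output above. */
    const int64_t samples[] = { 9223372036854775797LL, 9223372036854775806LL };

    for (size_t i = 0; i < 2; i++) {
        errno = 0;  /* clear first, so a -1 result can be told from an error */
        int32_t t = narrow_truncating(samples[i]);
        int32_t c = narrow_checked(samples[i]);
        printf("%lld: truncated=%d checked=%d errno=%s\n",
               (long long)samples[i], t, c,
               errno == EOVERFLOW ? "EOVERFLOW" : "0");
    }
    return 0;
}
```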
