From 55ecde7f1b70d5c05dc5a39cf08098426f466bbc Mon Sep 17 00:00:00 2001 From: Andy Hawkins Date: Wed, 14 Feb 2018 14:24:39 +0000 Subject: [PATCH] Inotify: Ignore backup files created by editors Use strlen to determine the length of the filename returned by inotify, as in->len refers to the length of the buffer containing the name, not the length of the name itself. http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011950.html Signed-off-by: Andy Hawkins Patch further modified by simon@thekelleys.org to avoid out-of-bounds array access with an empty string, call strlen once, and reverse order of filename verifcation and resolv-file test. --- src/inotify.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/inotify.c b/src/inotify.c index eda1d56..7107833 100644 --- a/src/inotify.c +++ b/src/inotify.c @@ -227,19 +227,21 @@ int inotify_check(time_t now) for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len) { + size_t namelen; + in = (struct inotify_event*)p; - for (res = daemon->resolv_files; res; res = res->next) - if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0) - hit = 1; - /* ignore emacs backups and dotfiles */ - if (in->len == 0 || - in->name[in->len - 1] == '~' || - (in->name[0] == '#' && in->name[in->len - 1] == '#') || + if (in->len == 0 || (namelen = strlen(in->name)) == 0 || + in->name[namelen - 1] == '~' || + (in->name[0] == '#' && in->name[namelen - 1] == '#') || in->name[0] == '.') continue; - + + for (res = daemon->resolv_files; res; res = res->next) + if (res->wd == in->wd && strcmp(res->file, in->name) == 0) + hit = 1; + for (ah = daemon->dynamic_dirs; ah; ah = ah->next) if (ah->wd == in->wd) {