Inotify: Ignore backup files created by editors

Use strlen to determine the length of the filename returned by inotify, as in->len refers to the length of the buffer containing the name, not the length of the name itself. http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011950.html Signed-off-by: Andy Hawkins <andy@gently.org.uk> Patch further modified by simon@thekelleys.org to avoid out-of-bounds array access with an empty string, call strlen once, and reverse order of filename verifcation and resolv-file test.
2025-12-19 18:28:25 +00:00 · 2018-02-14 14:24:39 +00:00
parent 6b54d69a85
commit 55ecde7f1b
1 changed files with 10 additions and 8 deletions
--- a/src/inotify.c
+++ b/src/inotify.c
@@ -227,19 +227,21 @@ int inotify_check(time_t now)
      
      for (p = inotify_buffer; rc - (p - inotify_buffer) >= (int)sizeof(struct inotify_event); p += sizeof(struct inotify_event) + in->len) 
 	{
+	  size_t namelen;
+
 	  in = (struct inotify_event*)p;
 	  
-	  for (res = daemon->resolv_files; res; res = res->next)
-	    if (res->wd == in->wd && in->len != 0 && strcmp(res->file, in->name) == 0)
-	      hit = 1;
-
 	  /* ignore emacs backups and dotfiles */
-	  if (in->len == 0 || 
-	      in->name[in->len - 1] == '~' ||
-	      (in->name[0] == '#' && in->name[in->len - 1] == '#') ||
+	  if (in->len == 0 || (namelen = strlen(in->name)) == 0 ||
+	      in->name[namelen - 1] == '~' ||
+	      (in->name[0] == '#' && in->name[namelen - 1] == '#') ||
 	      in->name[0] == '.')
 	    continue;
-	  
+
+	  for (res = daemon->resolv_files; res; res = res->next)
+	    if (res->wd == in->wd && strcmp(res->file, in->name) == 0)
+	      hit = 1;
+
 	  for (ah = daemon->dynamic_dirs; ah; ah = ah->next)
 	    if (ah->wd == in->wd)
 	      {