posix: Fix buffer overrun in _handle_list_xattr()

In _handle_list_xattr() we test remaining_size > 0 to check that
we do not overrun the buffer, but since that variable was unsigned
(size_t), the condition would let us go beyond end of buffer if
remaining_size became negative.

This could happen if attribute list grew between the first
sys_llistxattr() call that gets the size and the second sys_llistxattr()
call that get the data. We fix the problem by making remaining_size
signed (ssize_t). This also matches sys_llistxattr() return type.

While there, we use the size returned by the second sys_llistxattr()
call to parse the buffser, as it may also be smaller than the size
obtained from first call, if attribute list shrank.

This fixes a spurious crash in tests/basic/afr/resolve.t

BUG: 1129939
Change-Id: Ifc5884dd0f39a50bf88aa51fefca8e2fa22ea913
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/9204
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>

0 files changed, 0 insertions, 0 deletions