From 29f737045225d1e314a5987ed6d8d6a2d53336f1 Mon Sep 17 00:00:00 2001
Date: Tue, 30 Aug 2011 18:00:30 -0700
Subject: [PATCH 1/5] Fix buffer-overflow when directory contents change at wrong time.

The list of entries returned by readdir() is not guaranteed to be stable across rewinddir() calls (and in fact a simple test of reading a directory, creating a file, and then calling rewinddir() and reading the entries again will demonstrate this). So we need to guard against this.
---
 source3/modules/vfs_dirsort.c | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c
index adeab04..1dd8919 100644
--- a/source3/modules/vfs_dirsort.c
+++ b/source3/modules/vfs_dirsort.c
@@ -81,6 +81,8 @@ static bool open_and_sort_dir (vfs_handle_struct *handle)
 data->pos = 0;
 while ((dp = SMB_VFS_NEXT_READDIR(handle, data->source_directory, NULL)) != NULL) {
+ if (data->pos >= data->number_of_entries)
+ break; /* directory changed since opendir */
 data->directory_list[data->pos++] = *dp;
 }
-- 
1.7.3.4
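Review bot: The added bound check in the readdir loop covers a directory that grew after it was counted, but not one that shrank: if the second pass returns fewer entries, `data->pos` stops below `data->number_of_entries` and the remaining slots of `data->directory_list` are never written by this loop. The code after the loop is outside the hunk, so this is inferred, but if it sorts or serves `number_of_entries` elements it would be working on unfilled memory; adding `data->number_of_entries = data->pos;` right after the loop would keep the count in step with what was actually read. The `break` also truncates the listing silently, so a debug-level log message at that point would help explain an incomplete directory listing seen by a client. open_and_sort_dir starts and ends outside the hunk.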