[07/18] posix: User LOGIN_NAME_MAX for all user names in glob

Submitted by Adhemerval Zanella on Aug. 11, 2017, 2:50 p.m.

Details

Message ID 1502463044-4042-8-git-send-email-adhemerval.zanella@linaro.org
State New
Headers show

Commit Message

Adhemerval Zanella Aug. 11, 2017, 2:50 p.m.
This patch limits all user name obtained for GLOB_TILDE to max of
LOGIN_NAME_MAX (256 on glibc) and remove all stack/malloc buffer
handling boilerplate.

Checked on x86_64-linux-gnu.

	* posix/glob.c (glob): Remove alloca usage on user_name for
	GLOB_TILDE.
---
 posix/glob.c | 36 ++++++++++++------------------------
 1 file changed, 12 insertions(+), 24 deletions(-)

Patch hide | download patch | download mbox

diff --git a/posix/glob.c b/posix/glob.c
index 3a74758..554d558 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -27,6 +27,7 @@ 
 #include <errno.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/param.h>
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdint.h>
@@ -775,8 +776,7 @@  glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
       else
 	{
 	  char *end_name = strchr (dirname, '/');
-	  char *user_name;
-	  int malloc_user_name = 0;
+	  char user_name[LOGIN_NAME_MAX];
 	  char *unescape = NULL;
 
 	  if (!(flags & GLOB_NOESCAPE))
@@ -791,26 +791,14 @@  glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 		unescape = memchr (dirname, '\\', end_name - dirname);
 	    }
 	  if (end_name == NULL)
-	    user_name = dirname + 1;
+	    strncpy (user_name, dirname + 1, LOGIN_NAME_MAX - 1);
 	  else
 	    {
-	      char *newp;
-	      if (glob_use_alloca (alloca_used, end_name - dirname))
-		newp = alloca_account (end_name - dirname, alloca_used);
-	      else
-		{
-		  newp = malloc (end_name - dirname);
-		  if (newp == NULL)
-		    {
-		      retval = GLOB_NOSPACE;
-		      goto out;
-		    }
-		  malloc_user_name = 1;
-		}
 	      if (unescape != NULL)
 		{
-		  char *p = mempcpy (newp, dirname + 1,
-				     unescape - dirname - 1);
+		  ptrdiff_t name_len = unescape - dirname - 1;
+		  name_len = MIN (name_len, LOGIN_NAME_MAX - 1);
+		  char *p = mempcpy (user_name, dirname + 1, name_len);
 		  char *q = unescape;
 		  while (*q != '\0')
 		    {
@@ -832,9 +820,12 @@  glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 		  *p = '\0';
 		}
 	      else
-		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
-		  = '\0';
-	      user_name = newp;
+		{
+		  ptrdiff_t name_len = end_name - dirname;
+		  name_len = MIN (name_len, LOGIN_NAME_MAX - 1);
+		  *((char *) mempcpy (user_name, dirname + 1, name_len))
+		    = '\0';
+		}
 	    }
 
 	  /* Look up specific user's home directory.  */
@@ -866,9 +857,6 @@  glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 	    p = getpwnam (user_name);
 #  endif
 
-	    if (__glibc_unlikely (malloc_user_name))
-	      free (user_name);
-
 	    /* If we found a home directory use this.  */
 	    if (p != NULL)
 	      {