From patchwork Mon Dec 18 18:44:57 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joseph Myers X-Patchwork-Id: 850331 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=sourceware.org (client-ip=209.132.180.131; helo=sourceware.org; envelope-from=libc-alpha-return-88291-incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b="m93XwYX8"; dkim-atps=neutral Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3z0qjK49MYz9s1h for ; Tue, 19 Dec 2017 05:45:25 +1100 (AEDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:mime-version :content-type; q=dns; s=default; b=IMOth9ZC54VZCRYRt42nYCFQOMde9 cXA2NN5vmlIwCibzC/+RTtJGuDNjWD1lDOaT9tUpTXGIfrCuSrpdXuPt4oNdja5b xS0kd/f76ZaaUCmRdLsJFhR87pG8sqNOF8WU/rFnZvk6ci1XNipBadgaSMH/IlZC pjEE/NWJA1Ales= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:mime-version :content-type; s=default; bh=lueJrFDJiZZ4rJsr0vymSeKXlpI=; b=m93 XwYX80jnC1YMeBMr+uVzltkFkfMBODHG4fqlmHu6br/eIQU/FitNc45BIWAaSZEs 5hGBaCDjwFOUXEwNn8fAB54i+d45roLShfj4yR2cXdPeO01/0/+0Y8payNbdt29Y x5mV0c+6FczYI1+ned1g4HdBgA5gXC9Dq81TFvio= Received: (qmail 129934 invoked by alias); 18 Dec 2017 18:45:17 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 129764 invoked by uid 89); 18 Dec 2017 18:45:04 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-24.5 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, SPF_PASS, URIBL_RED autolearn=ham version=3.3.2 spammy= X-HELO: relay1.mentorg.com Date: Mon, 18 Dec 2017 18:44:57 +0000 From: Joseph Myers To: Subject: Fix nscd readlink argument aliasing (bug 22446) Message-ID: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 X-ClientProxiedBy: svr-ies-mbx-01.mgc.mentorg.com (139.181.222.1) To svr-ies-mbx-01.mgc.mentorg.com (139.181.222.1) Current GCC mainline detects that nscd calls readlink with the same buffer for both input and output, which is not valid (those arguments are both restrict-qualified in POSIX). This patch makes it use a separate buffer for readlink's input (with a size that is sufficient to avoid truncation, so there should be no problems with warnings about possible truncation, though not strictly minimal, but much smaller than the buffer for output) to avoid this problem. Tested compilation for aarch64-linux-gnu with build-many-glibcs.py. 2017-12-18 Joseph Myers [BZ #22446] * nscd/connections.c (handle_request) [SO_PEERCRED]: Use separate buffers for readlink input and output. Reviewed-by: Carlos O'Donell diff --git a/nscd/connections.c b/nscd/connections.c index cc1ed72..dab722d 100644 --- a/nscd/connections.c +++ b/nscd/connections.c @@ -1077,14 +1077,15 @@ cannot handle old request version %d; current version is %d"), if (debug_level > 0) { #ifdef SO_PEERCRED + char pbuf[sizeof ("/proc//exe") + 3 * sizeof (long int)]; # ifdef PATH_MAX char buf[PATH_MAX]; # else char buf[4096]; # endif - snprintf (buf, sizeof (buf), "/proc/%ld/exe", (long int) pid); - ssize_t n = readlink (buf, buf, sizeof (buf) - 1); + snprintf (pbuf, sizeof (pbuf), "/proc/%ld/exe", (long int) pid); + ssize_t n = readlink (pbuf, buf, sizeof (buf) - 1); if (n <= 0) dbg_log (_("\