[v2] grantpt: Get rid of alloca

Message ID 20230607182139.1995884-1-josimmon@redhat.com
State New

Commit Message

Joe Simmons-Talbott June 7, 2023, 6:21 p.m. UTC
Replace alloca with a scratch_buffer to avoid potential stack overflows.

Checked with build-many-glibcs.py on i686-gnu.
---
Changes to v1:
 * Move scratch_buffer_free call into same scope as the scratch_buffer
   and use the address of the scratch_buffer for scratch_buffer_free.

 sysdeps/unix/grantpt.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

Comments

Sergey Bugaev June 7, 2023, 7:05 p.m. UTC | #1
Hello,

On Wed, Jun 7, 2023 at 9:21 PM Joe Simmons-Talbott <josimmon@redhat.com> wrote:
> +      if (!scratch_buffer_set_array_size (&sbuf, 1, grbuflen))
> +       {
> +         retval -1;
> +         goto cleanup;
> +       }

This still has the 'retval -1' :)

Sergey

Joe Simmons-Talbott June 13, 2023, 7:18 p.m. UTC | #2
On Wed, Jun 07, 2023 at 10:05:57PM +0300, Sergey Bugaev wrote:
> Hello,
> 
> On Wed, Jun 7, 2023 at 9:21 PM Joe Simmons-Talbott <josimmon@redhat.com> wrote:
> > +      if (!scratch_buffer_set_array_size (&sbuf, 1, grbuflen))
> > +       {
> > +         retval -1;
> > +         goto cleanup;
> > +       }
> 
> This still has the 'retval -1' :)

I completely missed what you were saying and removed that line in v3.
I've added it back in v4 with the missing '='.

Thanks,
Joe

Patch

diff --git a/sysdeps/unix/grantpt.c b/sysdeps/unix/grantpt.c
index 38fce52576..77c8d814cc 100644
--- a/sysdeps/unix/grantpt.c
+++ b/sysdeps/unix/grantpt.c
@@ -20,6 +20,7 @@ 
 #include <fcntl.h>
 #include <grp.h>
 #include <limits.h>
+#include <scratch_buffer.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/resource.h>
@@ -147,10 +148,19 @@  grantpt (int fd)
 	/* `sysconf' does not support _SC_GETGR_R_SIZE_MAX.
 	   Try a moderate value.  */
 	grbuflen = 1024;
-      grtmpbuf = (char *) __alloca (grbuflen);
+      struct scratch_buffer sbuf;
+      scratch_buffer_init (&sbuf);
+      if (!scratch_buffer_set_array_size (&sbuf, 1, grbuflen))
+	{
+	  retval -1;
+	  goto cleanup;
+	}
+      grtmpbuf = sbuf.data;
       __getgrnam_r (TTY_GROUP, &grbuf, grtmpbuf, grbuflen, &p);
       if (p != NULL)
 	tty_gid = p->gr_gid;
+
+      scratch_buffer_free(&sbuf);
     }
   gid_t gid = tty_gid == -1 ? __getgid () : tty_gid;
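
Review bot: In the scratch_buffer_set_array_size failure branch, `retval -1;` is missing the `=`. As written it parses as the expression `retval - 1` with the result discarded, so the allocation-failure path jumps to `cleanup` without assigning the error value; it should read `retval = -1;`. Two smaller points in the same hunk: `scratch_buffer_free(&sbuf);` needs a space before the parenthesis to match the other calls here, and the return value of `__getgrnam_r` is still ignored, so a lookup that fails because the entry does not fit in `grbuflen` bytes is indistinguishable from a missing group and quietly falls back to `__getgid ()`. Since the buffer is now a scratch_buffer, it would be worth either checking that result or documenting why the fixed size is sufficient.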