From: Adhemerval Zanella Netto
Organization: Linaro
To: libc-alpha@sourceware.org, Joe Simmons-Talbott
Subject: Re: [PATCH] getpw: Get rid of alloca
Date: Mon, 28 Aug 2023 14:01:54 -0300
Message-ID: <0dfcb736-7948-55bc-a6d4-e715b39d5fee@linaro.org>
In-Reply-To: <20230707200400.378096-1-josimmon@redhat.com>
References: <20230707200400.378096-1-josimmon@redhat.com>

On 07/07/23 17:04, Joe Simmons-Talbott via Libc-alpha wrote:
> Use a scratch_buffer rather than alloca to avoid potential stack
> overflow.
> ---
> pwd/getpw.c | 34 +++++++++++++++++++++++++++-------
> 1 file changed, 27 insertions(+), 7 deletions(-)
> > diff --git a/pwd/getpw.c b/pwd/getpw.c > index cf747374b8..7a27d79910 100644 > --- a/pwd/getpw.c > +++ b/pwd/getpw.c > @@ -15,8 +15,8 @@ > License along with the GNU C Library; if not, see > . */ > > -#include > #include > +#include > #include > #include > #include > @@ -34,28 +34,48 @@ __getpw (__uid_t uid, char *buf) > size_t buflen; > char *tmpbuf; > struct passwd resbuf, *p; > + int retval = 0; > + struct scratch_buffer sbuf; > + scratch_buffer_init (&sbuf); > > if (buf == NULL) > { > __set_errno (EINVAL); > - return -1; > + retval = -1; > + goto error_out; > } > There is no need to call scratch_buffer_free here. You can move the scratch_buffer initialization later. > buflen = __sysconf (_SC_GETPW_R_SIZE_MAX); > - tmpbuf = alloca (buflen); > + if (!scratch_buffer_set_array_size (&sbuf, 1, buflen)) The _SC_GETPW_R_SIZE_MAX will be always NSS_BUFLEN_PASSWD so there is no need to a scratch_buffer here (similar to sysdeps/posix/cuserid.c assumption). Since the functions is historical tricky to be used correctly, I think it should continue to fail with passwords larger than _SC_GETPW_R_SIZE_MAX. > + { > + retval = -1; > + goto error_out; > + } > + tmpbuf = sbuf.data; > > if (__getpwuid_r (uid, &resbuf, tmpbuf, buflen, &p) != 0) > - return -1; > + { > + retval = -1; > + goto error_out; > + } > > if (p == NULL) > - return -1; > + { > + retval = -1; > + goto error_out; > + } > > if (sprintf (buf, "%s:%s:%lu:%lu:%s:%s:%s", p->pw_name, p->pw_passwd, > (unsigned long int) p->pw_uid, (unsigned long int) p->pw_gid, > p->pw_gecos, p->pw_dir, p->pw_shell) < 0) > - return -1; > + { > + retval = -1; > + goto error_out; > + } > > - return 0; > +error_out: > + scratch_buffer_free (&sbuf); > + return retval; > } > weak_alias (__getpw, getpw) >
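Review bot: The `error_out:` label at the end of the second hunk is also the normal exit, since the success path falls through it with `retval` still 0, so the name reads as an error-only path when it is not. Naming it `out` and initialising `retval` to -1, then setting it to 0 only once the `sprintf` check has passed, would remove the four repeated `retval = -1;` assignments. Separately, `sprintf (buf, ...)` still writes into the caller's `buf` with no length, which the signature `__getpw (__uid_t uid, char *buf)` gives it no way to bound, so the change limits stack use for the temporary buffer only; a short comment saying so above the `sprintf` call would help readers.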