* [PATCH] elf: Remove alloca usage from chroot_canon.
@ 2023-09-19 18:24 Joe Simmons-Talbott
From: Joe Simmons-Talbott @ 2023-09-19 18:24 UTC (permalink / raw)
  To: libc-alpha; +Cc: Joe Simmons-Talbott

Replace alloca with scratch_buffers to prevent potential stack overflow.
---
 elf/chroot_canon.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/elf/chroot_canon.c b/elf/chroot_canon.c
index 63a1ae6dbb..a03a2998d2 100644
--- a/elf/chroot_canon.c
+++ b/elf/chroot_canon.c
@@ -15,6 +15,7 @@
    You should have received a copy of the GNU General Public License
    along with this program; if not, see <https://www.gnu.org/licenses/>.  */
 
+#include <scratch_buffer.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
@@ -49,6 +50,10 @@ chroot_canon (const char *chroot, const char *name)
   const char *rpath_limit;
   int num_links = 0;
   size_t chroot_len = strlen (chroot);
+  struct scratch_buffer sbuf;
+  scratch_buffer_init (&sbuf);
+  struct scratch_buffer extra_sbuf;
+  scratch_buffer_init (&extra_sbuf);
 
   if (chroot_len < 1)
     {
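Review bot: Both scratch buffers are initialised above the `if (chroot_len < 1)` check, whose body lies outside this hunk; if that branch returns directly instead of going through `error:`, it leaves without calling `scratch_buffer_free`. That is harmless while nothing has grown the buffers at that point, but the invariant is easy to break in a later edit. Either move the two `scratch_buffer_init` calls below the check, or record it with a comment such as `/* sbuf and extra_sbuf still use their inline storage here, so the early return needs no scratch_buffer_free.  */`. chroot_canon starts and ends outside this hunk.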
@@ -123,7 +128,9 @@ chroot_canon (const char *chroot, const char *name)
 
 	  if (S_ISLNK (st.st_mode))
 	    {
-	      char *buf = alloca (PATH_MAX);
+	      if (!scratch_buffer_set_array_size (&sbuf, 1, PATH_MAX))
+	        goto error;
+	      char *buf = sbuf.data;
 	      size_t len;
 
 	      if (++num_links > __eloop_threshold ())
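Review bot: The sizing call for `sbuf` sits inside the `S_ISLNK` branch ahead of the `__eloop_threshold ()` test, so it runs on every symlink and can allocate just before the function bails out with ELOOP. After the first success the call should only compare lengths, and `scratch_buffer_set_array_size` does not preserve contents, which is fine only because `buf` is refilled on each pass (the refill is outside this hunk). A comment would make that explicit, e.g. `/* Sized on the first symlink; later calls find the buffer large enough.  Contents are rewritten on every pass.  */`. As rendered here, the `goto error;` under the new check is indented with a tab plus eight spaces, whereas the matching line in the `extra_sbuf` hunk uses two tabs; it should use two tabs as well.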
@@ -142,7 +149,11 @@ chroot_canon (const char *chroot, const char *name)
 	      buf[n] = '\0';
 
 	      if (!extra_buf)
-		extra_buf = alloca (PATH_MAX);
+		{
+		  if (!scratch_buffer_set_array_size (&extra_sbuf, 1, PATH_MAX))
+		    goto error;
+		  extra_buf = extra_sbuf.data;
+		}
 
 	      len = strlen (end);
 	      if (len >= PATH_MAX - n)
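Review bot: `extra_buf` now aliases heap storage owned by `extra_sbuf`, and nothing at the assignment says that the pointer has to stay valid beyond this loop iteration. `scratch_buffer_set_array_size` does not preserve contents and may replace the allocation, so the existing `if (!extra_buf)` guard is what keeps earlier data valid. Presumably `end`, which `strlen (end)` reads just below, can point into this buffer; if so, a second sizing call on `extra_sbuf` would turn that read into a use-after-free. Add a comment at the assignment, for example `/* Sized exactly once: END may point into extra_buf, so extra_sbuf must not be regrown before return.  */`. The enclosing loop and the code that copies into `extra_buf` are outside this hunk.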
@@ -168,10 +179,14 @@ chroot_canon (const char *chroot, const char *name)
   if (dest > rpath_root + 1 && dest[-1] == '/')
     --dest;
   *dest = '\0';
+  scratch_buffer_free (&sbuf);
+  scratch_buffer_free (&extra_sbuf);
 
   return rpath;
 
  error:
   free (rpath);
+  scratch_buffer_free (&sbuf);
+  scratch_buffer_free (&extra_sbuf);
   return NULL;
 }
-- 
2.39.2

