From patchwork Mon Dec 18 18:44:57 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Joseph Myers <joseph@codesourcery.com>
X-Patchwork-Id: 24993
Received: (qmail 129934 invoked by alias); 18 Dec 2017 18:45:17 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 129764 invoked by uid 89); 18 Dec 2017 18:45:04 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-24.5 required=5.0 tests=AWL, BAYES_00,
	GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3,
	RCVD_IN_DNSWL_NONE, SPF_PASS,
	URIBL_RED autolearn=ham version=3.3.2 spammy=
X-HELO: relay1.mentorg.com
Date: Mon, 18 Dec 2017 18:44:57 +0000
From: Joseph Myers <joseph@codesourcery.com>
To: <libc-alpha@sourceware.org>
Subject: Fix nscd readlink argument aliasing (bug 22446)
Message-ID: <alpine.DEB.2.20.1712181844230.26421@digraph.polyomino.org.uk>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
X-ClientProxiedBy: svr-ies-mbx-01.mgc.mentorg.com (139.181.222.1) To
	svr-ies-mbx-01.mgc.mentorg.com (139.181.222.1)

Current GCC mainline detects that nscd calls readlink with the same
buffer for both input and output, which is not valid (those arguments
are both restrict-qualified in POSIX).  This patch makes it use a
separate buffer for readlink's input (with a size that is sufficient
to avoid truncation, so there should be no problems with warnings
about possible truncation, though not strictly minimal, but much
smaller than the buffer for output) to avoid this problem.

Tested compilation for aarch64-linux-gnu with build-many-glibcs.py.

2017-12-18  Joseph Myers  <joseph@codesourcery.com>

	[BZ #22446]
	* nscd/connections.c (handle_request) [SO_PEERCRED]: Use separate
	buffers for readlink input and output.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

diff --git a/nscd/connections.c b/nscd/connections.c
index cc1ed72..dab722d 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -1077,14 +1077,15 @@ cannot handle old request version %d; current version is %d"),
       if (debug_level > 0)
 	{
 #ifdef SO_PEERCRED
+	  char pbuf[sizeof ("/proc//exe") + 3 * sizeof (long int)];
 # ifdef PATH_MAX
 	  char buf[PATH_MAX];
 # else
 	  char buf[4096];
 # endif
 
-	  snprintf (buf, sizeof (buf), "/proc/%ld/exe", (long int) pid);
-	  ssize_t n = readlink (buf, buf, sizeof (buf) - 1);
+	  snprintf (pbuf, sizeof (pbuf), "/proc/%ld/exe", (long int) pid);
+	  ssize_t n = readlink (pbuf, buf, sizeof (buf) - 1);
 
 	  if (n <= 0)
 	    dbg_log (_("\