From patchwork Tue Aug 8 18:28:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Simmons-Talbott X-Patchwork-Id: 73829 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id AF56C3858298 for ; Tue, 8 Aug 2023 18:29:12 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AF56C3858298 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1691519352; bh=EeK0fIDtpeWBRZvnGb2AqDvf0Z9KQBdr8Kp3pRcV2pU=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=oAS/m8/cO3LTK1L/IIHUhiLg6+DIZohqB0JSIiip9aY1l5hTJ6IwRq2frOxKruTel KWe3DwIkbWolT3ojeEa5lRGRYz1TNwgqUrwaHEXNSog2CYeDN2fP4cPW0oajZRUyuI jK3hc2yGZNm/gSoyBkfst7nJzGrcxfL+M3rq4nFM= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id DA9503858D20 for ; Tue, 8 Aug 2023 18:28:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org DA9503858D20 Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-322-p3-Gc3qHMEmkc8DsJnPfUg-1; Tue, 08 Aug 2023 14:28:47 -0400 X-MC-Unique: p3-Gc3qHMEmkc8DsJnPfUg-1 Received: by mail-qk1-f199.google.com with SMTP id af79cd13be357-767564705f5so650434685a.1 for ; Tue, 08 Aug 2023 11:28:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691519326; x=1692124126; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EeK0fIDtpeWBRZvnGb2AqDvf0Z9KQBdr8Kp3pRcV2pU=; b=CattIWazdAy55PflInahGVZOjdWn5GoKFxeE9EL/+z6GVuWnLF7mBhb3pkIAtfX/d7 fU8ZVarikLeJ0etPtZxgdc8VSs8nlvhQrR63TRLHaTCWu3I1kizixi1BXnaYxw1Nbrt1 W0KZ6Kcnke6b6fqDZEUrGOXoK9PSJPjP+epticuP7Vch8RgaFrgbRi1Sj2j3aok3v8wr hyVs+EDDRY/GZ5xiZb6o6Q75vO4s7DQRa1/IQqvl4VW7nX7wiI5FMuTCSESesYS6VV2W lHQ0/bAO1dFxFLcB+xTN0kaLPiejvYA5dCEuIOymVdmXS7U/sUY5aAzfdJeQjh6J98qs lgTQ== X-Gm-Message-State: AOJu0YxTY+TZ3jOlxL3GCR+YhMrBSKhfoEU0bGYXqzWKlISAjpXZ7dnI Zvo7SbEB1Pf6A7PvH+osnQbsY6zMObhCE7bk81zWZF/GIPPVE71SDD0kNZfKJcaWZFjwfMTp/Yl l4LdTR8Am/Ka5MZ4YarMVkMIAAnRrML2puBZGNcQkkl4JwBr+d08LBThrwXHhbhLu8cc7iaPhww zmAfhg X-Received: by 2002:a05:620a:a85:b0:75e:bf51:29a6 with SMTP id v5-20020a05620a0a8500b0075ebf5129a6mr520340qkg.65.1691519326522; Tue, 08 Aug 2023 11:28:46 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFWb6+U8+u+tFj0jVYRsGpyt9FgknYf0y3qvPw2bLTqQMnnBvyWXP+sPCFv68pqhuvHY53x2A== X-Received: by 2002:a05:620a:a85:b0:75e:bf51:29a6 with SMTP id v5-20020a05620a0a8500b0075ebf5129a6mr520324qkg.65.1691519326218; Tue, 08 Aug 2023 11:28:46 -0700 (PDT) Received: from oak.redhat.com (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238]) by smtp.gmail.com with ESMTPSA id d13-20020a05620a140d00b00763b94432ebsm3467996qkj.18.2023.08.08.11.28.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Aug 2023 11:28:45 -0700 (PDT) To: libc-alpha@sourceware.org Cc: Joe Simmons-Talbott Subject: [PATCH v2] group_member: Get rid of unbounded alloca. Date: Tue, 8 Aug 2023 14:28:25 -0400 Message-ID: <20230808182843.678120-1-josimmon@redhat.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Joe Simmons-Talbott via Libc-alpha From: Joe Simmons-Talbott Reply-To: Joe Simmons-Talbott Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Replace a large alloca call with a scratch_buffer to avoid potential stack overflow. Because group_member doesn't return an error indicator abort if we are unable to allocate memory. Add a testcase. Checked on x86_64-linux-gnu. --- Changes to v1: * Update commit message and fix typo. posix/Makefile | 1 + posix/group_member.c | 27 +++++++++++++++----------- posix/tst-group_member.c | 41 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 11 deletions(-) create mode 100644 posix/tst-group_member.c diff --git a/posix/Makefile b/posix/Makefile index 3d368b91f6..7491ee8917 100644 --- a/posix/Makefile +++ b/posix/Makefile @@ -293,6 +293,7 @@ tests := \ tst-glob_symlinks \ tst-gnuglob \ tst-gnuglob64 \ + tst-group_member \ tst-mmap \ tst-mmap-offset \ tst-nanosleep \ diff --git a/posix/group_member.c b/posix/group_member.c index 22422b1f9f..42a4adb9b4 100644 --- a/posix/group_member.c +++ b/posix/group_member.c @@ -16,9 +16,10 @@ License along with the GNU C Library; if not, see . */ +#include +#include #include #include -#include #include #ifndef NGROUPS_MAX @@ -28,22 +29,26 @@ int __group_member (gid_t gid) { - int n, size; + int n; gid_t *groups; + struct scratch_buffer buf; + scratch_buffer_init (&buf); + + n = __getgroups (0, NULL); + if (!scratch_buffer_set_array_size (&buf, n, sizeof (*groups))) + abort (); + groups = buf.data; - size = NGROUPS_MAX; - do - { - groups = __alloca (size * sizeof *groups); - n = __getgroups (size, groups); - size *= 2; - } - while (n == size / 2); + n = __getgroups (n, groups); while (n-- > 0) if (groups[n] == gid) - return 1; + { + scratch_buffer_free (&buf); + return 1; + } + scratch_buffer_free (&buf); return 0; } weak_alias (__group_member, group_member) diff --git a/posix/tst-group_member.c b/posix/tst-group_member.c new file mode 100644 index 0000000000..7f70841832 --- /dev/null +++ b/posix/tst-group_member.c @@ -0,0 +1,41 @@ +/* Basic tests for group_member. + Copyright (C) 2023 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +#include + +static int do_test (void) +{ + int n; + gid_t *groups; + + n = getgroups (0, NULL); + groups = alloca (n * sizeof (*groups)); + n = getgroups (n, groups); + + while (n-- > 0) + TEST_COMPARE (1, group_member(groups[n])); + + return EXIT_SUCCESS; +} + +#include