diff mbox series

elf: Remove alloca usage from chroot_canon.

Message ID 20230919182404.727450-1-josimmon@redhat.com
State New
Headers
Series elf: Remove alloca usage from chroot_canon. |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
redhat-pt-bot/TryBot-32bit success Build for i686
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 success Testing passed
linaro-tcwg-bot/tcwg_glibc_build--master-arm success Testing passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm success Testing passed
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 success Testing passed

Commit Message

Joe Simmons-Talbott Sept. 19, 2023, 6:24 p.m. UTC 
  Replace alloca with scratch_buffers to prevent potential stack overflow.
---
 elf/chroot_canon.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/elf/chroot_canon.c b/elf/chroot_canon.c
index 63a1ae6dbb..a03a2998d2 100644
--- a/elf/chroot_canon.c
+++ b/elf/chroot_canon.c
@@ -15,6 +15,7 @@ 
    You should have received a copy of the GNU General Public License
    along with this program; if not, see <https://www.gnu.org/licenses/>.  */
 
+#include <scratch_buffer.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
@@ -49,6 +50,10 @@  chroot_canon (const char *chroot, const char *name)
   const char *rpath_limit;
   int num_links = 0;
   size_t chroot_len = strlen (chroot);
+  struct scratch_buffer sbuf;
+  scratch_buffer_init (&sbuf);
+  struct scratch_buffer extra_sbuf;
+  scratch_buffer_init (&extra_sbuf);
 
   if (chroot_len < 1)
     {
@@ -123,7 +128,9 @@  chroot_canon (const char *chroot, const char *name)
 
 	  if (S_ISLNK (st.st_mode))
 	    {
-	      char *buf = alloca (PATH_MAX);
+	      if (!scratch_buffer_set_array_size (&sbuf, 1, PATH_MAX))
+	        goto error;
+	      char *buf = sbuf.data;
 	      size_t len;
 
 	      if (++num_links > __eloop_threshold ())
@@ -142,7 +149,11 @@  chroot_canon (const char *chroot, const char *name)
 	      buf[n] = '\0';
 
 	      if (!extra_buf)
-		extra_buf = alloca (PATH_MAX);
+		{
+		  if (!scratch_buffer_set_array_size (&extra_sbuf, 1, PATH_MAX))
+		    goto error;
+		  extra_buf = extra_sbuf.data;
+		}
 
 	      len = strlen (end);
 	      if (len >= PATH_MAX - n)
@@ -168,10 +179,14 @@  chroot_canon (const char *chroot, const char *name)
   if (dest > rpath_root + 1 && dest[-1] == '/')
     --dest;
   *dest = '\0';
+  scratch_buffer_free (&sbuf);
+  scratch_buffer_free (&extra_sbuf);
 
   return rpath;
 
  error:
   free (rpath);
+  scratch_buffer_free (&sbuf);
+  scratch_buffer_free (&extra_sbuf);
   return NULL;
 }