diff options
| author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2021-06-10 00:41:35 +0530 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2021-06-23 08:54:13 +0530 |
| commit | e3217c7fd9e67aa2d53700bb1da9a966e73b9684 (patch) | |
| tree | 92ce340ce752510268401f64d215cdd14c0f1769 | |
| parent | e8d52b64a54ba9ed7778ca9ce1f084eb5808f8d1 (diff) | |
| download | glibc-e3217c7fd9e67aa2d53700bb1da9a966e73b9684.tar.gz | |
iconv: Remove alloca use in gconv-modules configuration parsing
The alloca sizes ought to be constrained to PATH_MAX, but replace them
with dynamic allocation to be safe. A static PATH_MAX array would
have worked too but Hurd does not have PATH_MAX and the code path is
not hot enough to micro-optimise this allocation. Revisit if any of
those realities change.
Reviewed-by: DJ Delorie <dj@redhat.com>
| -rw-r--r-- | iconv/gconv_conf.c | 17 | ||||
| -rw-r--r-- | iconv/iconvconfig.c | 17 |
2 files changed, 20 insertions, 14 deletions
diff --git a/iconv/gconv_conf.c b/iconv/gconv_conf.c index c8ad8099a4..3f2cef255b 100644 --- a/iconv/gconv_conf.c +++ b/iconv/gconv_conf.c @@ -559,15 +559,15 @@ __gconv_read_conf (void) for (cnt = 0; __gconv_path_elem[cnt].name != NULL; ++cnt) { -#define BUF_LEN elem_len + sizeof (gconv_conf_dirname) - const char *elem = __gconv_path_elem[cnt].name; size_t elem_len = __gconv_path_elem[cnt].len; - char *buf; /* No slash needs to be inserted between elem and gconv_conf_filename; elem already ends in a slash. */ - buf = alloca (BUF_LEN); + char *buf = malloc (elem_len + sizeof (gconv_conf_dirname)); + if (buf == NULL) + continue; + char *cp = __mempcpy (__mempcpy (buf, elem, elem_len), gconv_conf_filename, sizeof (gconv_conf_filename)); @@ -596,15 +596,16 @@ __gconv_read_conf (void) if (len > strlen (suffix) && strcmp (ent->d_name + len - strlen (suffix), suffix) == 0) { - /* LEN <= PATH_MAX so this alloca is not unbounded. */ - char *conf = alloca (BUF_LEN + len + 1); - cp = stpcpy (conf, buf); - sprintf (cp, "/%s", ent->d_name); + char *conf; + if (__asprintf (&conf, "%s/%s", buf, ent->d_name) < 0) + continue; read_conf_file (conf, elem, elem_len, &modules, &nmodules); + free (conf); } } __closedir (confdir); } + free (buf); } #endif diff --git a/iconv/iconvconfig.c b/iconv/iconvconfig.c index b2a868919c..c9607fb645 100644 --- a/iconv/iconvconfig.c +++ b/iconv/iconvconfig.c @@ -712,7 +712,6 @@ handle_file (const char *dir, const char *infile) static int handle_dir (const char *dir) { -#define BUF_LEN prefix_len + dirlen + sizeof "gconv-modules.d" char *cp; size_t dirlen = strlen (dir); bool found = false; @@ -726,7 +725,10 @@ handle_dir (const char *dir) } /* First, look for a gconv-modules file. */ - char buf[BUF_LEN]; + char *buf = malloc (prefix_len + dirlen + sizeof "gconv-modules.d"); + if (buf == NULL) + goto out; + cp = buf; if (dir[0] == '/') cp = mempcpy (cp, prefix, prefix_len); @@ -756,16 +758,19 @@ handle_dir (const char *dir) if (len > strlen (suffix) && strcmp (ent->d_name + len - strlen (suffix), suffix) == 0) { - /* LEN <= PATH_MAX so this alloca is not unbounded. */ - char *conf = alloca (BUF_LEN + len + 1); - cp = stpcpy (conf, buf); - sprintf (cp, "/%s", ent->d_name); + char *conf; + if (asprintf (&conf, "%s/%s", buf, ent->d_name) < 0) + continue; found |= handle_file (dir, conf); + free (conf); } } closedir (confdir); } + free (buf); + +out: if (!found) { error (0, errno, "failed to open gconv configuration files in `%s'", |