alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere

Let's define two helpers strdupa_safe() + strndupa_safe() which do the
same as their non-safe counterparts, except that they abort if called
with allocations larger than ALLOCA_MAX.

This should ensure that all our alloca() based allocations are subject
to this limit.

afaics glibc offers three alloca() based APIs: alloca() itself,
strndupa() + strdupa(). With this we have now replacements for all of
them, that take the limit into account.

1 files changed, 4 insertions, 2 deletions

diff --git a/src/basic/log.c b/src/basic/log.c
index 5fd2c5dcb4..983e5bc69c 100644
--- a/src/basic/log.c
+++ b/src/basic/log.c
@@ -1073,8 +1073,10 @@ int log_struct_iovec_internal(
 
         for (size_t i = 0; i < n_input_iovec; i++)
                 if (memory_startswith(input_iovec[i].iov_base, input_iovec[i].iov_len, "MESSAGE=")) {
-                        char *m = strndupa(input_iovec[i].iov_base + STRLEN("MESSAGE="),
-                                           input_iovec[i].iov_len - STRLEN("MESSAGE="));
+                        char *m;
+
+                        m = strndupa_safe((char*) input_iovec[i].iov_base + STRLEN("MESSAGE="),
+                                          input_iovec[i].iov_len - STRLEN("MESSAGE="));
 
                         return log_dispatch_internal(level, error, file, line, func, NULL, NULL, NULL, NULL, m);
                 }