qiurui
/
glibc
mirror of git://sourceware.org/git/glibc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

iconv: Remove alloca use in gconv-modules configuration parsing 

The alloca sizes ought to be constrained to PATH_MAX, but replace them
with dynamic allocation to be safe.  A static PATH_MAX array would
have worked too but Hurd does not have PATH_MAX and the code path is
not hot enough to micro-optimise this allocation.  Revisit if any of
those realities change.

Reviewed-by: DJ Delorie <dj@redhat.com>
This commit is contained in:
Siddhesh Poyarekar 2021-06-10 00:41:35 +05:30
parent e8d52b64a5
commit e3217c7fd9
2 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
iconv/gconv_conf.c
View File

@ -559,15 +559,15 @@ __gconv_read_conf (void)
for (cnt = 0; __gconv_path_elem[cnt].name != NULL; ++cnt) for (cnt = 0; __gconv_path_elem[cnt].name != NULL; ++cnt)
{ {
#define BUF_LEN elem_len + sizeof (gconv_conf_dirname)
const char *elem = __gconv_path_elem[cnt].name; const char *elem = __gconv_path_elem[cnt].name;
size_t elem_len = __gconv_path_elem[cnt].len; size_t elem_len = __gconv_path_elem[cnt].len;
char *buf;
/* No slash needs to be inserted between elem and gconv_conf_filename; /* No slash needs to be inserted between elem and gconv_conf_filename;
elem already ends in a slash. */ elem already ends in a slash. */
buf = alloca (BUF_LEN); char *buf = malloc (elem_len + sizeof (gconv_conf_dirname));
if (buf == NULL)
continue;
char *cp = __mempcpy (__mempcpy (buf, elem, elem_len), char *cp = __mempcpy (__mempcpy (buf, elem, elem_len),
gconv_conf_filename, sizeof (gconv_conf_filename)); gconv_conf_filename, sizeof (gconv_conf_filename));
@ -596,15 +596,16 @@ __gconv_read_conf (void)
if (len > strlen (suffix) if (len > strlen (suffix)
&& strcmp (ent->d_name + len - strlen (suffix), suffix) == 0) && strcmp (ent->d_name + len - strlen (suffix), suffix) == 0)
{ {
/* LEN <= PATH_MAX so this alloca is not unbounded. */ char *conf;
char *conf = alloca (BUF_LEN + len + 1); if (__asprintf (&conf, "%s/%s", buf, ent->d_name) < 0)
cp = stpcpy (conf, buf); continue;
sprintf (cp, "/%s", ent->d_name);
read_conf_file (conf, elem, elem_len, &modules, &nmodules); read_conf_file (conf, elem, elem_len, &modules, &nmodules);
free (conf);
} }
} }
__closedir (confdir); __closedir (confdir);
} }
free (buf);
} }
#endif #endif

17
iconv/iconvconfig.c
View File

@ -712,7 +712,6 @@ handle_file (const char *dir, const char *infile)
static int static int
handle_dir (const char *dir) handle_dir (const char *dir)
{ {
#define BUF_LEN prefix_len + dirlen + sizeof "gconv-modules.d"
char *cp; char *cp;
size_t dirlen = strlen (dir); size_t dirlen = strlen (dir);
bool found = false; bool found = false;
@ -726,7 +725,10 @@ handle_dir (const char *dir)
} }
/* First, look for a gconv-modules file. */ /* First, look for a gconv-modules file. */
char buf[BUF_LEN]; char *buf = malloc (prefix_len + dirlen + sizeof "gconv-modules.d");
if (buf == NULL)
goto out;
cp = buf; cp = buf;
if (dir[0] == '/') if (dir[0] == '/')
cp = mempcpy (cp, prefix, prefix_len); cp = mempcpy (cp, prefix, prefix_len);
@ -756,16 +758,19 @@ handle_dir (const char *dir)
if (len > strlen (suffix) if (len > strlen (suffix)
&& strcmp (ent->d_name + len - strlen (suffix), suffix) == 0) && strcmp (ent->d_name + len - strlen (suffix), suffix) == 0)
{ {
/* LEN <= PATH_MAX so this alloca is not unbounded. */ char *conf;
char *conf = alloca (BUF_LEN + len + 1); if (asprintf (&conf, "%s/%s", buf, ent->d_name) < 0)
cp = stpcpy (conf, buf); continue;
sprintf (cp, "/%s", ent->d_name);
found |= handle_file (dir, conf); found |= handle_file (dir, conf);
free (conf);
} }
} }
closedir (confdir); closedir (confdir);
} }
free (buf);
out:
if (!found) if (!found)
{ {
error (0, errno, "failed to open gconv configuration files in `%s'", error (0, errno, "failed to open gconv configuration files in `%s'",