grantpt: Get rid of alloca
authorJoe Simmons-Talbott <josimmon@redhat.com>
Tue, 13 Jun 2023 19:16:31 +0000 (15:16 -0400)
committerSamuel Thibault <samuel.thibault@ens-lyon.org>
Sat, 17 Jun 2023 23:08:04 +0000 (01:08 +0200)
Replace alloca with a scratch_buffer to avoid potential stack overflows.
Message-Id: <20230613191631.1080455-1-josimmon@redhat.com>

sysdeps/unix/grantpt.c

index 38fce525761d8e31ccbcced14f1e9a2f68df5bf9..226e7adb75b5e7a6e01f78b51e15cf42ba05eae8 100644 (file)
@@ -20,6 +20,7 @@
 #include <fcntl.h>
 #include <grp.h>
 #include <limits.h>
+#include <scratch_buffer.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/resource.h>
@@ -147,10 +148,19 @@ grantpt (int fd)
        /* `sysconf' does not support _SC_GETGR_R_SIZE_MAX.
           Try a moderate value.  */
        grbuflen = 1024;
-      grtmpbuf = (char *) __alloca (grbuflen);
+      struct scratch_buffer sbuf;
+      scratch_buffer_init (&sbuf);
+      if (!scratch_buffer_set_array_size (&sbuf, 1, grbuflen))
+       {
+         retval = -1;
+         goto cleanup;
+       }
+      grtmpbuf = sbuf.data;
       __getgrnam_r (TTY_GROUP, &grbuf, grtmpbuf, grbuflen, &p);
       if (p != NULL)
        tty_gid = p->gr_gid;
+
+      scratch_buffer_free(&sbuf);
     }
   gid_t gid = tty_gid == -1 ? __getgid () : tty_gid;