Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 1 Jan 2014 14:54:11 -0500
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: musl & strndupa?

On Wed, Jan 01, 2014 at 07:42:47PM +0000, Raphael Cohn wrote:
> Hi,
> 
> I'm trying to compile 'audit' (aka libaudit, auditd, etc - from
> http://people.redhat.com/sgrubb/audit/index.html version 2.3.2). Using musl
> 0.9.14.
> 
> The file 'src/ausearch-lol.c' uses a reference to 'strndupa', which I
> presume is an alloca version of strndup, and presumably a _GNU_SOURCE
> feature. I can't seem to see a definition for it in musl, although strdupa
> exists in string.h (Indeed, http://linux.die.net/man/3/strdup suggests as
> much).
> 
> Is this intentional? If so, what would anyone suggest as a work around? My
> guess would be  #define strndupa(x, t) strncpy(alloca(strlen(x)+1),x,t)
> but I'd like a second opinion...

That's roughly the way to do it, but you need strnlen, not strlen, and
there are various other details like properly parenthesizing macro
arguments. In addition, there's no way to avoid multiple-evaluations
of arguments unless you use the GNU C statement-expressions extension.

It should be noted that almost any use of alloca is either a bug
(potentially exploitable stack overflow) or useless (because the size
is bounded and thus could/should just be replaced by a fixed-size
array). This is the main reason I've been hesitant to go to the
trouble of providing this and dealing with the multiple-evaluation or
#ifdef __GNUC__ issue -- really, any software using alloca (and by
extension, strdupa or strndupa) should be fixed.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.