Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Jan 2014 20:07:07 +0000
From: Raphael Cohn <raphael.cohn@...rmmq.com>
To: musl@...ts.openwall.com
Subject: Re: musl & strndupa?

Rich,

Thank you for the extremely informative and quick response! I suspect in
the small, understandable places that use this function in this package it
should be possible to avoid multiple evaluations (well, at least for this
version of the code; no g'tee that would hold).

Out of interest, I presume there's no guarantee that alloca is aligned?
It's not a feature I've ever used - it seems like a micro-optimisation for
tight loops that should be made as part of a decision by a higher-level
language (eg Vala, which, as I understand, doesn't).

BTW, This package has a few more issues than just musl ones... it doesn't
understand cross-compilation for starters, makes insane use of code
generation (always a big smell in my book, especially when done using a
compiled language). Looks like it suffers from not enough peer review /
usage...

Raphael Cohn
Chief Architect, stormmq
Co-Chair, OASIS MQTT Standard
Secretary, OASIS AMQP Standard
raphael.cohn@...rmmq.com
+44 7590 675 756

UK Office:
Hamblethorpe Farm, Crag Lane, Bradley BD20 9DB, North Yorkshire, United
Kingdom
Telephone: +44 845 3712 567

Registered office:
16 Anchor Street, Chelmsford, Essex, CM2 0JY, United Kingdom
StormMQ Limited is Registered in England and Wales under Company Number
07175657
StormMQ.com


On 1 January 2014 19:54, Rich Felker <dalias@...ifal.cx> wrote:

> On Wed, Jan 01, 2014 at 07:42:47PM +0000, Raphael Cohn wrote:
> > Hi,
> >
> > I'm trying to compile 'audit' (aka libaudit, auditd, etc - from
> > http://people.redhat.com/sgrubb/audit/index.html version 2.3.2). Using
> musl
> > 0.9.14.
> >
> > The file 'src/ausearch-lol.c' uses a reference to 'strndupa', which I
> > presume is an alloca version of strndup, and presumably a _GNU_SOURCE
> > feature. I can't seem to see a definition for it in musl, although
> strdupa
> > exists in string.h (Indeed, http://linux.die.net/man/3/strdup suggests
> as
> > much).
> >
> > Is this intentional? If so, what would anyone suggest as a work around?
> My
> > guess would be  #define strndupa(x, t) strncpy(alloca(strlen(x)+1),x,t)
> > but I'd like a second opinion...
>
> That's roughly the way to do it, but you need strnlen, not strlen, and
> there are various other details like properly parenthesizing macro
> arguments. In addition, there's no way to avoid multiple-evaluations
> of arguments unless you use the GNU C statement-expressions extension.
>
> It should be noted that almost any use of alloca is either a bug
> (potentially exploitable stack overflow) or useless (because the size
> is bounded and thus could/should just be replaced by a fixed-size
> array). This is the main reason I've been hesitant to go to the
> trouble of providing this and dealing with the multiple-evaluation or
> #ifdef __GNUC__ issue -- really, any software using alloca (and by
> extension, strdupa or strndupa) should be fixed.
>
> Rich
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.