Date: Sun, 23 Oct 2022 01:46:22 -0400
From: Rich Felker <dalias@...c.org>
To: Ismael Luceno <ismael@...ev.co.uk>
Cc: musl@...ts.openwall.com
Subject: Re: [PATCH] remove strdupa

On Sat, Oct 22, 2022 at 03:57:23PM +0200, Ismael Luceno wrote:
> There's no portable way to implement strdupa without double evaluation
> of its parameter, and its use leads to vulnerabilities, since there's
> no chance to check for stack overruns.
> 
> Signed-off-by: Ismael Luceno <ismael@...ev.co.uk>
> ---
>  include/string.h | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/include/string.h b/include/string.h
> index 43ad0942edd5..65fe0d503004 100644
> --- a/include/string.h
> +++ b/include/string.h
> @@ -88,7 +88,6 @@ void explicit_bzero (void *, size_t);
>  #endif
>  
>  #ifdef _GNU_SOURCE
> -#define	strdupa(x)	strcpy(alloca(strlen(x)+1),x)
>  int strverscmp (const char *, const char *);
>  char *strchrnul(const char *, int);
>  char *strcasestr(const char *, const char *);
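
Review bot: The removed `#define strdupa(x)` line is the only definition this header gives _GNU_SOURCE users, and neither the hunk nor the commit message says what callers should use instead. Suggest naming the migration path in the commit message (for example strdup with a matching free, or an explicit length check before any alloca). The stated rationale, x appearing in both strlen(x) and strcpy(..., x) and an alloca size nobody checks, applies equally to a copy of the macro that downstream code would paste in to keep building.
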
> -- 
> 2.38.1

Does anyone have strong opinions one way or the other on this --
especially distro folks who'd need to deal with the fallout?

Rich
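
The two problems named in the commit message, shown as an added example that is not part of the original thread or of musl: the removed macro evaluates its argument twice, and a function-based copy can check the length where the macro cannot. `page_strdupa`, `next_name` and `dup_bounded` are hypothetical names, and the heap-based bounded copy is an assumption about one possible replacement, not something proposed in the thread.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The macro removed by the patch, renamed (hypothetical name) so it cannot
 * clash with a libc that still defines strdupa. */
#define page_strdupa(x) strcpy(alloca(strlen(x) + 1), x)

/* Hypothetical helper: returns a constructed string, counting each call. */
static const char *next_name(int *calls)
{
    ++*calls;
    return "constructed-sample";
}

/* Returns how many times the macro evaluated its argument. */
int count_argument_evaluations(void)
{
    int calls = 0;
    char *copy = page_strdupa(next_name(&calls));
    (void)copy;                 /* alloca memory dies when this returns */
    return calls;               /* once for strlen, once for strcpy */
}

/* Hypothetical replacement: a real function evaluates its argument once,
 * rejects input longer than max_len, and reports allocation failure as
 * NULL, which an alloca-based macro has no way to do. */
char *dup_bounded(const char *s, size_t max_len)
{
    size_t n = 0;
    while (n <= max_len && s[n] != '\0')
        n++;
    if (n > max_len)
        return NULL;            /* too long: refuse instead of copying */
    char *p = malloc(n + 1);
    if (!p)
        return NULL;
    memcpy(p, s, n);
    p[n] = '\0';
    return p;                   /* caller frees */
}

int main(void)
{
    printf("argument evaluations: %d\n", count_argument_evaluations());
    printf("oversized input: %s\n",
           dup_bounded("0123456789", 4) ? "copied" : "rejected");
    return 0;
}
```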
