Message-ID: <20170117193947.GG1533@brightrain.aerifal.cx>
Date: Tue, 17 Jan 2017 14:39:47 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Re: Implementation of GLOB_TILDE

On Tue, Jan 17, 2017 at 03:49:03PM +0000, Bernardo Pascoal Figueiredo wrote:
> >I have a few questions though:
> > * How do I contribute to musl? Should I just send patches to this
> >   mailing list

This is the preferred way, yes.

> > * I defined GLOB_TILDE as 0x100, but I think this won't work on
> >   architectures that have sizeof(int) == 2, as the flags argument in
> >   glob is an int.

That's not an issue. (1) POSIX requires >=32bit int; musl is even more
restrictive. (2) 0xff is 8 bits, not 16. Even ISO C requires 0x100 to
fit in int. You do need to match whatever value glibc uses, though; I
haven't checked that.

> > * I think it's best to define GLOB_TILDE in glob.h inside a '#if
> >   defined(_GNU_SOURCE) || defined(_BSD_SOURCE)' what do you think?
> >
> > * I had to copy strlcat and strlcpy to glob.c so I could use them. I
> >   had to do this because musl isn't compiled as _GNU_SOURCE or
> >   _BSD_SOURCE so string.h doesn't expose these functions. How should
> >   I fix this?

Just don't use them. The same thing can be achieved much better with
portable functions strnlen and memcpy.

Note that even if you added #define for _GNU_SOURCE to this file, you
couldn't reference these functions because then a function in the
standard namespace would depend on symbols in nonstandard namespace.

> diff --git a/src/regex/glob.c b/src/regex/glob.c
> index 5b6ff124..f40da380 100644
> --- a/src/regex/glob.c
> +++ b/src/regex/glob.c
> @@ -8,6 +8,9 @@
>  #include <errno.h>
>  #include <stddef.h>
>  #include "libc.h"
> +#include <stdbool.h>

Just use int for boolean values; bool is not idiomatic in musl.

> +/*"~" or "~/(...)" case*/
> +static bool expand_tilde_cur_user(const char *pat_after_tilde, char *new_pat, size_t new_pat_size)
> +{
> +	char *home;
> +	struct passwd pw_store, *pw_result;
> +	char pw_buf[1024];
> +
> +	/*FIXME: add check for issetugid as in libc of openbsd?*/
> +	home = getenv("HOME");
> +	if(home == NULL) {
> +		getpwuid_r(getuid(), &pw_store, pw_buf, sizeof(pw_buf), &pw_result);
> +		if(pw_result == NULL) {
> +			return false;
> +		}
> +		home = pw_store.pw_dir;
> +	}
> +
> +	return glob_strlcpy(new_pat, home, new_pat_size) < new_pat_size
> +		&& glob_strlcat(new_pat, pat_after_tilde, new_pat_size) < new_pat_size;
> +}
> +
> +/* "~user/(...) case*/
> +static bool expand_tilde_named_user(const char *pat_after_tilde, char *new_pat, size_t new_pat_size)
> +{
> +	struct passwd pw_store, *pw_result;
> +	char pw_buf[1024], username[1024];
> +	const char *slash_pos = strchr(pat_after_tilde, '/');
> +	if(slash_pos == NULL) {
> +		return false;
> +	}
> +
> +	ptrdiff_t pat_username_size = slash_pos - pat_after_tilde;
> +	if(pat_username_size <= 0 || pat_username_size >= sizeof(username)) {
> +		return false;
> +	}
> +	strncpy(username, pat_after_tilde, pat_username_size);
> +	username[pat_username_size] = '\0';
> +
> +	getpwnam_r(username, &pw_store, pw_buf, sizeof(pw_buf), &pw_result);
> +	if (pw_result == NULL)
> +		return false;
> +
> +	return glob_strlcpy(new_pat, pw_store.pw_dir, new_pat_size) < new_pat_size
> +		&& glob_strlcat(new_pat, slash_pos, new_pat_size) < new_pat_size;
> +}
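
Review bot: the `/*FIXME: add check for issetugid ...*/` in expand_tilde_cur_user is still open, and it decides whether `getenv("HOME")` may be trusted. In a set-id caller the environment value is supplied by the invoking user, so the directory that "~" expands to need not be the one in the passwd database. Either resolve it (skip HOME and go straight to getpwuid_r when the process is set-id) or record in the comment why HOME is accepted unconditionally. Separately, expand_tilde_named_user returns false when there is no '/', so a bare "~user" pattern is never expanded; if that is intended, say so in the comment above the function.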

It should be possible to reduce this code considerably, and to avoid
some of the large stack buffers. Certainly username[] does not need to
be 1k; I believe there's a macro for the max supported in limits.h or
such and it's something like 16 or 32 bytes.

>  int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, int err), glob_t *restrict g)
>  {
> -	const char *p=pat, *d;
> +	const char *p, *d;
> +	char new_pat[PATH_MAX + 1];
>  	struct match head = { .next = NULL }, *tail = &head;
>  	size_t cnt, i;
>  	size_t offs = (flags & GLOB_DOOFFS) ? g->gl_offs : 0;
>  	int error = 0;
> +
> +	/*even if expanding fails(e.g. expansion make pat too big)
> +	 * we should try to match the ~ or ~user literally*/
> +	bool should_expand_tilde = (flags & GLOB_TILDE) && (pat[0] == '~');
> +	if(should_expand_tilde && expand_tilde(pat, new_pat, sizeof(new_pat))) {
> +		p = new_pat;
> +	} else {
> +		p = pat;
> +	}
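
Review bot: `p = new_pat` sends the expanded home directory back through pattern matching, so any `*`, `?`, `[` or `\` in HOME or pw_dir is interpreted as glob syntax instead of as a literal path component. The expanded prefix needs to be matched literally, for example by escaping metacharacters while copying it into new_pat, with a separate answer for the GLOB_NOESCAPE case where backslash escaping is off.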

Don't introduce gratuitous variables for expressions used just once.
The conditions going into that bool can just be part of the if.

I haven't checked what happens when the input pat is too long to fit
in new_pat. This needs to be an error condition, not silent
truncation, but error conditions can't be handled until further down;
see commit 769f53598e781ffc89191520f3f8a93cb58db91f for why. Also,
new_pat should probably be a VLA whose length is 1 unless tilde
expansion is needed, and PATH_MAX otherwise, so that glob doesn't blow
an extra page on the stack when tilde expansion is not in use.

Rich
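
Added example, not part of Rich's message or of musl: one way to do the concatenation with strnlen and memcpy as suggested above, reporting an over-long result as a distinct error instead of truncating. The function names, return codes and sample patterns are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L /* for strnlen */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; none of this is musl code. */
enum { TILDE_NONE = 0, TILDE_OK = 1, TILDE_TOOLONG = -1 };

/* Write prefix followed by suffix into dst. Returns 0 on success and -1 if
 * the result plus its terminator needs more than dstsize bytes. On failure
 * dst is untouched, so no truncated pattern exists to be matched later. */
static int join_bounded(char *dst, size_t dstsize,
                        const char *prefix, const char *suffix)
{
	/* strnlen stops at the limit, so oversized input is rejected
	 * without scanning all of it. A result below the limit is the
	 * true length, which means the terminator was seen. */
	size_t plen = strnlen(prefix, dstsize);
	if (plen >= dstsize) return -1;
	size_t slen = strnlen(suffix, dstsize - plen);
	if (slen >= dstsize - plen) return -1;
	memcpy(dst, prefix, plen);
	memcpy(dst + plen, suffix, slen + 1); /* includes the '\0' */
	return 0;
}

/* "~" or "~/..." only. home is supplied by the caller, so the HOME and
 * passwd lookups from the patch are outside this example. */
static int expand_cur_user(const char *pat, const char *home,
                           char *out, size_t outsize)
{
	if (pat[0] != '~' || (pat[1] && pat[1] != '/')) return TILDE_NONE;
	return join_bounded(out, outsize, home, pat + 1) ? TILDE_TOOLONG : TILDE_OK;
}

int main(void)
{
	/* Constructed inputs; the 16-byte buffer is small to force overflow. */
	const char *pats[] = { "~/src/*.c", "~/a/very/long/path/*", "~bob/x", "plain" };
	char buf[16];
	for (size_t i = 0; i < sizeof pats / sizeof *pats; i++) {
		int r = expand_cur_user(pats[i], "/home/u", buf, sizeof buf);
		printf("%-22s -> %d %s\n", pats[i], r, r == TILDE_OK ? buf : "");
	}
	return 0;
}
```

The three return codes keep "not a tilde pattern" apart from "expansion does not fit", so a caller can defer the second as an error rather than fall back to a literal match.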
