Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20221023054622.GP29905@brightrain.aerifal.cx>
Date: Sun, 23 Oct 2022 01:46:22 -0400
From: Rich Felker <dalias@...c.org>
To: Ismael Luceno <ismael@...ev.co.uk>
Cc: musl@...ts.openwall.com
Subject: Re: [PATCH] remove strdupa

On Sat, Oct 22, 2022 at 03:57:23PM +0200, Ismael Luceno wrote:
> There's no portable way to implement strdupa without double evaluation
> of it's parameter, and it's use leads to vulnerabilities, since there's
> no chance to check for stack overruns.
> 
> Signed-off-by: Ismael Luceno <ismael@...ev.co.uk>
> ---
>  include/string.h | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/include/string.h b/include/string.h
> index 43ad0942edd5..65fe0d503004 100644
> --- a/include/string.h
> +++ b/include/string.h
> @@ -88,7 +88,6 @@ void explicit_bzero (void *, size_t);
>  #endif
>  
>  #ifdef _GNU_SOURCE
> -#define	strdupa(x)	strcpy(alloca(strlen(x)+1),x)
>  int strverscmp (const char *, const char *);
>  char *strchrnul(const char *, int);
>  char *strcasestr(const char *, const char *);
> -- 
> 2.38.1

Does anyone have strong opinions one way or the other on this --
especially distro folks who'd need to deal with the fallout?

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.