From 01dd2875f85213b26beefb66caad3564da89d1d1 Mon Sep 17 00:00:00 2001
From: Joe Simmons-Talbott <josimmon@redhat.com>
Date: Tue, 13 Jun 2023 15:16:31 -0400
Subject: [PATCH] grantpt: Get rid of alloca

Replace alloca with a scratch_buffer to avoid potential stack overflows.
Message-Id: <20230613191631.1080455-1-josimmon@redhat.com>
---
 sysdeps/unix/grantpt.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/sysdeps/unix/grantpt.c b/sysdeps/unix/grantpt.c
index 38fce52576..226e7adb75 100644
--- a/sysdeps/unix/grantpt.c
+++ b/sysdeps/unix/grantpt.c
@@ -20,6 +20,7 @@
 #include <fcntl.h>
 #include <grp.h>
 #include <limits.h>
+#include <scratch_buffer.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/resource.h>
@@ -147,10 +148,19 @@ grantpt (int fd)
 	/* `sysconf' does not support _SC_GETGR_R_SIZE_MAX.
 	   Try a moderate value.  */
 	grbuflen = 1024;
-      grtmpbuf = (char *) __alloca (grbuflen);
+      struct scratch_buffer sbuf;
+      scratch_buffer_init (&sbuf);
+      if (!scratch_buffer_set_array_size (&sbuf, 1, grbuflen))
+	{
+	  retval = -1;
+	  goto cleanup;
+	}
+      grtmpbuf = sbuf.data;
       __getgrnam_r (TTY_GROUP, &grbuf, grtmpbuf, grbuflen, &p);
       if (p != NULL)
 	tty_gid = p->gr_gid;
+
+      scratch_buffer_free(&sbuf);
     }
   gid_t gid = tty_gid == -1 ? __getgid () : tty_gid;
 
-- 
2.43.5