From 561052ad35d7004a6f69c772a6a2a106e436f950 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 8 Apr 2015 20:58:58 +0200 Subject: [PATCH] nscd_getgr_r: Use struct scratch_buffer instead of extend_alloca The lack of alloca accounting means that the old code could run out of stack space if multiple retries are needed. --- ChangeLog | 1 + nscd/nscd_getgr_r.c | 18 +++++++++--------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 93583afc00..fd79b12823 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,7 @@ * nis/nss_compat/compat-initgroups.c (_nss_compat_initgroups_dyn): Rewrite to use struct scratch_buffer instead of extend_alloca. * inet/getnameinfo.c (nrl_domainname, getnameinfo): Likewise. + * nscd/nscd_getgr_r.c (nscd_getgr_r): Likewise. 2015-04-08 Joseph Myers diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c index 7e45ee59f5..d08b73f3cb 100644 --- a/nscd/nscd_getgr_r.c +++ b/nscd/nscd_getgr_r.c @@ -31,6 +31,7 @@ #include #include #include <_itoa.h> +#include #include "nscd-client.h" #include "nscd_proto.h" @@ -89,7 +90,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, int gc_cycle; int nretries = 0; const uint32_t *len = NULL; - size_t lensize = 0; + struct scratch_buffer lenbuf; + scratch_buffer_init (&lenbuf); /* If the mapping is available, try to search there instead of communicating with the nscd. */ @@ -200,14 +202,10 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, else { /* Allocate array to store lengths. */ - if (lensize == 0) - { - lensize = gr_resp.gr_mem_cnt * sizeof (uint32_t); - len = (uint32_t *) alloca (lensize); - } - else if (gr_resp.gr_mem_cnt * sizeof (uint32_t) > lensize) - len = extend_alloca (len, lensize, - gr_resp.gr_mem_cnt * sizeof (uint32_t)); + if (!scratch_buffer_set_array_size + (&lenbuf, gr_resp.gr_mem_cnt, sizeof (uint32_t))) + goto out_close; + len = lenbuf.data; vec[0].iov_base = (void *) len; vec[0].iov_len = gr_resp.gr_mem_cnt * sizeof (uint32_t); @@ -326,5 +324,7 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, goto retry; } + scratch_buffer_free (&lenbuf); + return retval; } -- 2.43.5