[PATCH] Stop depending on strndupa.

[Érico Nogueira]

From: Érico Rolim <erico.erc@gmail.com>

This functon has inherent safety issues, since a long enough path can
lead to memory clobbering. Instead, limit the path length to PATH_MAX.

As a bonus, this improves musl compatibility, since musl doesn't include
the strndupa macro for now.

Also add braces around while loop.

Signed-off-by: Érico Rolim <erico.erc@gmail.com>
---
 src/unstrip.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/unstrip.c b/src/unstrip.c
index a855038a..1e3bf519 100644
--- a/src/unstrip.c
+++ b/src/unstrip.c
@@ -42,6 +42,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <limits.h>
 #include <sys/stat.h>
 
 #include <gelf.h>
@@ -308,15 +309,22 @@ make_directories (const char *path)
 
   while (lastslash > path && lastslash[-1] == '/')
     --lastslash;
-  if (lastslash == path)
+
+  size_t pathlen = lastslash - path;
+  char dir[PATH_MAX];
+  if (pathlen == 0)
     return;
+  if (pathlen >= sizeof dir)
+    error (EXIT_FAILURE, 0, _("path is too long '%s'"), path);
 
-  char *dir = strndupa (path, lastslash - path);
-  while (mkdir (dir, 0777) < 0 && errno != EEXIST)
+  strncpy(dir, path, pathlen);
+  dir[pathlen] = 0;
+  while (mkdir (dir, 0777) < 0 && errno != EEXIST) {
     if (errno == ENOENT)
       make_directories (dir);
     else
       error (EXIT_FAILURE, errno, _("cannot create directory '%s'"), dir);
+  }
 }
 
 /* Keep track of new section data we are creating, so we can free it
-- 
2.29.0