about summary refs log tree commit diff
path: root/posix
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2018-06-27 17:54:44 +0200
committerFlorian Weimer <fweimer@redhat.com>2018-06-27 17:54:44 +0200
commit4272059de256fb20a7b19b5f8509e0c8d27beaf4 (patch)
treed4b75ea8fd90aedaa1d3a723eba8ac5060f783cd /posix
parent95f8ae8c83a049a100c7750d3496c59ba47626cd (diff)
downloadglibc-4272059de256fb20a7b19b5f8509e0c8d27beaf4.tar.gz
glibc-4272059de256fb20a7b19b5f8509e0c8d27beaf4.tar.xz
glibc-4272059de256fb20a7b19b5f8509e0c8d27beaf4.zip
wordexp: Rewrite parse_tilde to use struct scratch_buffer [BZ #18023]
Diffstat (limited to 'posix')
-rw-r--r--posix/wordexp.c46
1 files changed, 29 insertions, 17 deletions
diff --git a/posix/wordexp.c b/posix/wordexp.c
index 0b669a8f5e..7548e0329f 100644
--- a/posix/wordexp.c
+++ b/posix/wordexp.c
@@ -17,7 +17,6 @@
    License along with the GNU C Library; if not, see
    <http://www.gnu.org/licenses/>.  */
 
-#include <alloca.h>
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -41,6 +40,7 @@
 #include <wchar.h>
 #include <wordexp.h>
 #include <kernel-features.h>
+#include <scratch_buffer.h>
 
 #include <libc-lock.h>
 #include <_itoa.h>
@@ -299,12 +299,7 @@ parse_tilde (char **word, size_t *word_length, size_t *max_length,
   if (i == 1 + *offset)
     {
       /* Tilde appears on its own */
-      uid_t uid;
-      struct passwd pwd, *tpwd;
-      int buflen = 1000;
       char* home;
-      char* buffer;
-      int result;
 
       /* POSIX.2 says ~ expands to $HOME and if HOME is unset the
 	 results are unspecified.  We do a lookup on the uid if
@@ -319,25 +314,38 @@ parse_tilde (char **word, size_t *word_length, size_t *max_length,
 	}
       else
 	{
-	  uid = __getuid ();
-	  buffer = __alloca (buflen);
-
-	  while ((result = __getpwuid_r (uid, &pwd, buffer, buflen, &tpwd)) != 0
+	  struct passwd pwd, *tpwd;
+	  uid_t uid = __getuid ();
+	  int result;
+	  struct scratch_buffer tmpbuf;
+	  scratch_buffer_init (&tmpbuf);
+
+	  while ((result = __getpwuid_r (uid, &pwd,
+					 tmpbuf.data, tmpbuf.length,
+					 &tpwd)) != 0
 		 && errno == ERANGE)
-	    buffer = extend_alloca (buffer, buflen, buflen + 1000);
+	    if (!scratch_buffer_grow (&tmpbuf))
+	      return WRDE_NOSPACE;
 
 	  if (result == 0 && tpwd != NULL && pwd.pw_dir != NULL)
 	    {
 	      *word = w_addstr (*word, word_length, max_length, pwd.pw_dir);
 	      if (*word == NULL)
-		return WRDE_NOSPACE;
+		{
+		  scratch_buffer_free (&tmpbuf);
+		  return WRDE_NOSPACE;
+		}
 	    }
 	  else
 	    {
 	      *word = w_addchar (*word, word_length, max_length, '~');
 	      if (*word == NULL)
-		return WRDE_NOSPACE;
+		{
+		  scratch_buffer_free (&tmpbuf);
+		  return WRDE_NOSPACE;
+		}
 	    }
+	  scratch_buffer_free (&tmpbuf);
 	}
     }
   else
@@ -345,13 +353,15 @@ parse_tilde (char **word, size_t *word_length, size_t *max_length,
       /* Look up user name in database to get home directory */
       char *user = strndupa (&words[1 + *offset], i - (1 + *offset));
       struct passwd pwd, *tpwd;
-      int buflen = 1000;
-      char* buffer = __alloca (buflen);
       int result;
+      struct scratch_buffer tmpbuf;
+      scratch_buffer_init (&tmpbuf);
 
-      while ((result = __getpwnam_r (user, &pwd, buffer, buflen, &tpwd)) != 0
+      while ((result = __getpwnam_r (user, &pwd, tmpbuf.data, tmpbuf.length,
+				     &tpwd)) != 0
 	     && errno == ERANGE)
-	buffer = extend_alloca (buffer, buflen, buflen + 1000);
+	if (!scratch_buffer_grow (&tmpbuf))
+	  return WRDE_NOSPACE;
 
       if (result == 0 && tpwd != NULL && pwd.pw_dir)
 	*word = w_addstr (*word, word_length, max_length, pwd.pw_dir);
@@ -363,6 +373,8 @@ parse_tilde (char **word, size_t *word_length, size_t *max_length,
 	    *word = w_addstr (*word, word_length, max_length, user);
 	}
 
+      scratch_buffer_free (&tmpbuf);
+
       *offset = i - 1;
     }
   return *word ? 0 : WRDE_NOSPACE;