diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | nis/nss_nis/nis-initgroups.c | 27 |
2 files changed, 23 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog index 6241a6369a..a2fc4b793f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,12 @@ 2018-06-25 Florian Weimer <fweimer@redhat.com> [BZ #18023] + * nis/nss_nis/nis-initgroups.c (get_uid, _nss_nis_initgroups_dyn): + Use struct scratch_buffer instead of extend_alloca. + +2018-06-25 Florian Weimer <fweimer@redhat.com> + + [BZ #18023] * nss/nss_compat/compat-initgroups.c (getgrent_next_nss): Fall back to malloc directly, without stack allocations. diff --git a/nis/nss_nis/nis-initgroups.c b/nis/nss_nis/nis-initgroups.c index a47b4d7ada..ca043d4e5a 100644 --- a/nis/nss_nis/nis-initgroups.c +++ b/nis/nss_nis/nis-initgroups.c @@ -16,7 +16,6 @@ License along with the GNU C Library; if not, see <http://www.gnu.org/licenses/>. */ -#include <alloca.h> #include <ctype.h> #include <errno.h> #include <grp.h> @@ -27,6 +26,7 @@ #include <rpcsvc/yp.h> #include <rpcsvc/ypclnt.h> #include <sys/param.h> +#include <scratch_buffer.h> #include "nss-nis.h" #include <libnsl.h> @@ -120,27 +120,30 @@ internal_getgrent_r (struct group *grp, char *buffer, size_t buflen, static int get_uid (const char *user, uid_t *uidp) { - size_t buflen = sysconf (_SC_GETPW_R_SIZE_MAX); - char *buf = (char *) alloca (buflen); + struct scratch_buffer tmpbuf; + scratch_buffer_init (&tmpbuf); while (1) { struct passwd result; struct passwd *resp; - int r = getpwnam_r (user, &result, buf, buflen, &resp); + int r = getpwnam_r (user, &result, tmpbuf.data, tmpbuf.length, &resp); if (r == 0 && resp != NULL) { *uidp = resp->pw_uid; + scratch_buffer_free (&tmpbuf); return 0; } if (r != ERANGE) break; - buf = extend_alloca (buf, buflen, 2 * buflen); + if (!scratch_buffer_grow (&tmpbuf)) + return 1; } + scratch_buffer_free (&tmpbuf); return 1; } @@ -254,8 +257,6 @@ _nss_nis_initgroups_dyn (const char *user, gid_t group, long int *start, } struct group grpbuf, *g; - size_t buflen = sysconf (_SC_GETPW_R_SIZE_MAX); - char *tmpbuf; enum nss_status status; intern_t intern = { NULL, NULL, 0 }; gid_t *groups = *groupsp; @@ -264,15 +265,20 @@ _nss_nis_initgroups_dyn (const char *user, gid_t group, long int *start, if (status != NSS_STATUS_SUCCESS) return status; - tmpbuf = __alloca (buflen); + struct scratch_buffer tmpbuf; + scratch_buffer_init (&tmpbuf); while (1) { while ((status = - internal_getgrent_r (&grpbuf, tmpbuf, buflen, errnop, + internal_getgrent_r (&grpbuf, tmpbuf.data, tmpbuf.length, errnop, &intern)) == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) - tmpbuf = extend_alloca (tmpbuf, buflen, 2 * buflen); + if (!scratch_buffer_grow (&tmpbuf)) + { + status = NSS_STATUS_TRYAGAIN; + goto done; + } if (status != NSS_STATUS_SUCCESS) { @@ -331,6 +337,7 @@ done: intern.start = intern.start->next; free (intern.next); } + scratch_buffer_free (&tmpbuf); return status; } |