From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 16722 invoked from network); 23 Oct 2022 15:14:01 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 23 Oct 2022 15:14:01 -0000 Received: (qmail 12155 invoked by uid 550); 23 Oct 2022 15:13:57 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 12120 invoked from network); 23 Oct 2022 15:13:56 -0000 Date: Sun, 23 Oct 2022 11:13:42 -0400 From: Rich Felker To: Ismael Luceno , musl@lists.openwall.com Message-ID: <20221023151342.GQ29905@brightrain.aerifal.cx> References: <20221022135723.31813-1-ismael@iodev.co.uk> <20221023054622.GP29905@brightrain.aerifal.cx> <20221023141046.GM2158779@port70.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221023141046.GM2158779@port70.net> User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [musl] [PATCH] remove strdupa On Sun, Oct 23, 2022 at 04:10:46PM +0200, Szabolcs Nagy wrote: > * Rich Felker [2022-10-23 01:46:22 -0400]: > > On Sat, Oct 22, 2022 at 03:57:23PM +0200, Ismael Luceno wrote: > > > There's no portable way to implement strdupa without double evaluation > > > of it's parameter, and it's use leads to vulnerabilities, since there's > > > no chance to check for stack overruns. > > > > > > Signed-off-by: Ismael Luceno > > > --- > > > include/string.h | 1 - > > > 1 file changed, 1 deletion(-) > > > > > > diff --git a/include/string.h b/include/string.h > > > index 43ad0942edd5..65fe0d503004 100644 > > > --- a/include/string.h > > > +++ b/include/string.h > > > @@ -88,7 +88,6 @@ void explicit_bzero (void *, size_t); > > > #endif > > > > > > #ifdef _GNU_SOURCE > > > -#define strdupa(x) strcpy(alloca(strlen(x)+1),x) > > > int strverscmp (const char *, const char *); > > > char *strchrnul(const char *, int); > > > char *strcasestr(const char *, const char *); > > > -- > > > 2.38.1 > > > > Does anyone have strong opinions one way or the other on this -- > > especially distro folks who'd need to deal with the fallout? > > debian code search finds strdupa in 126 packages, > so it is widely used and not trivial to manually fix up, > i'd expect distros to just readd that definition to avoid breakage. Distros can of course add it with an ugly -D'strdupa(x)=...' in CFLAGS too, or with a one-line patch to the affected packages to add the #define. I would kinda expect some of these (likely any using autotools or especially gnulib) already handle the case where it's not defined and define their own, so maybe it wouldn't actually be that much breakage (but of course this would also be a reduction in bug-catching). I think a reasonable (but unsatisfying) outcome of this thread might end up being "do nothing until there's action to greatly reduce the number of packages using strdupa" (or at least evaluate the situation and determine that most would not break). I would really like to avoid "improving" interfaces that are harmful and slated for removal, but I also don't want to make unnecessary new burden on distros/integrators/users. Rich