From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 29712 invoked from network); 23 Oct 2022 17:03:19 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 23 Oct 2022 17:03:19 -0000 Received: (qmail 5684 invoked by uid 550); 23 Oct 2022 17:03:16 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 5652 invoked from network); 23 Oct 2022 17:03:15 -0000 Date: Sun, 23 Oct 2022 13:03:01 -0400 From: Rich Felker To: Ismael Luceno , musl@lists.openwall.com Message-ID: <20221023170300.GS29905@brightrain.aerifal.cx> References: <20221022135723.31813-1-ismael@iodev.co.uk> <20221023054622.GP29905@brightrain.aerifal.cx> <20221023141046.GM2158779@port70.net> <20221023151342.GQ29905@brightrain.aerifal.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221023151342.GQ29905@brightrain.aerifal.cx> User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [musl] [PATCH] remove strdupa On Sun, Oct 23, 2022 at 11:13:42AM -0400, Rich Felker wrote: > On Sun, Oct 23, 2022 at 04:10:46PM +0200, Szabolcs Nagy wrote: > > * Rich Felker [2022-10-23 01:46:22 -0400]: > > > On Sat, Oct 22, 2022 at 03:57:23PM +0200, Ismael Luceno wrote: > > > > There's no portable way to implement strdupa without double evaluation > > > > of it's parameter, and it's use leads to vulnerabilities, since there's > > > > no chance to check for stack overruns. > > > > > > > > Signed-off-by: Ismael Luceno > > > > --- > > > > include/string.h | 1 - > > > > 1 file changed, 1 deletion(-) > > > > > > > > diff --git a/include/string.h b/include/string.h > > > > index 43ad0942edd5..65fe0d503004 100644 > > > > --- a/include/string.h > > > > +++ b/include/string.h > > > > @@ -88,7 +88,6 @@ void explicit_bzero (void *, size_t); > > > > #endif > > > > > > > > #ifdef _GNU_SOURCE > > > > -#define strdupa(x) strcpy(alloca(strlen(x)+1),x) > > > > int strverscmp (const char *, const char *); > > > > char *strchrnul(const char *, int); > > > > char *strcasestr(const char *, const char *); > > > > -- > > > > 2.38.1 > > > > > > Does anyone have strong opinions one way or the other on this -- > > > especially distro folks who'd need to deal with the fallout? > > > > debian code search finds strdupa in 126 packages, > > so it is widely used and not trivial to manually fix up, > > i'd expect distros to just readd that definition to avoid breakage. > > Distros can of course add it with an ugly -D'strdupa(x)=...' in CFLAGS > too, or with a one-line patch to the affected packages to add the > #define. I would kinda expect some of these (likely any using > autotools or especially gnulib) already handle the case where it's not > defined and define their own, so maybe it wouldn't actually be that > much breakage (but of course this would also be a reduction in > bug-catching). > > I think a reasonable (but unsatisfying) outcome of this thread might > end up being "do nothing until there's action to greatly reduce the > number of packages using strdupa" (or at least evaluate the situation > and determine that most would not break). I would really like to avoid > "improving" interfaces that are harmful and slated for removal, but I > also don't want to make unnecessary new burden on > distros/integrators/users. Extra data points from discussion on #alpine-devel: at least MacOS and FreeBSD lack a strdupa macro. This means pretty much anything using it is either non-portable OS-specific software or already has checks and fallback cases for when it doesn't exist. So the breakage from removing it might be very low. Rich