From: Érico Rolim Date: Tue, 27 Oct 2020 19:19:58 +0000 (-0300) Subject: unstrip: Stop using strndupa. X-Git-Tag: elfutils-0.182~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e7e4c92650892cf67210be5ea89ffba967427cbf;p=thirdparty%2Felfutils.git unstrip: Stop using strndupa. This functon has inherent safety issues, since a long enough path can lead to memory clobbering. Due to the recursive nature of make_directories(), multiple calls could also stack overflow. Instead, the string can be allocated in the heap. As a bonus, this improves musl compatibility, since musl doesn't include the strndupa macro for now. Also add braces around while loop. Signed-off-by: Érico Rolim --- diff --git a/src/ChangeLog b/src/ChangeLog index 112b2242a..7f923c5d6 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2020-10-27 Érico N. Rolim + + * unstrip.c (make_directories): Use strndup, not strndupa. + 2020-09-28 Mark Wielaard * readelf.c (next_listptr_offset): Take idx as pointer, to be updated diff --git a/src/unstrip.c b/src/unstrip.c index a855038af..0257d9cc3 100644 --- a/src/unstrip.c +++ b/src/unstrip.c @@ -311,12 +311,18 @@ make_directories (const char *path) if (lastslash == path) return; - char *dir = strndupa (path, lastslash - path); + char *dir = strndup (path, lastslash - path); + if (dir == NULL) + error(EXIT_FAILURE, errno, _("memory exhausted")); + while (mkdir (dir, 0777) < 0 && errno != EEXIST) - if (errno == ENOENT) - make_directories (dir); - else - error (EXIT_FAILURE, errno, _("cannot create directory '%s'"), dir); + { + if (errno == ENOENT) + make_directories (dir); + else + error (EXIT_FAILURE, errno, _("cannot create directory '%s'"), dir); + } + free (dir); } /* Keep track of new section data we are creating, so we can free it