From: Érico Rolim <erico....@gmail.com>
This functon has inherent safety issues, since a long enough path can
lead to memory clobbering. Due to the recursive nature of
make_directories(), multiple calls could also stack overflow. Instead,
the string can be allocated in the heap.
As a bonus, this improves musl compatibility, since musl doesn't include
the strndupa macro for now.
Also add braces around while loop.
Signed-off-by: Érico Rolim <erico....@gmail.com>
---
ChangeLog | 4 ++++
src/unstrip.c | 16 +++++++++++-----
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 72e8397c..f82010f8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2020-10-27 Érico N. Rolim <erico....@gmail.com>
+
+ * unstrip: Stop using strndupa.
+
2020-10-01 Frank Ch. Eigler <f...@redhat.com>
PR25461
diff --git a/src/unstrip.c b/src/unstrip.c
index a855038a..0257d9cc 100644
--- a/src/unstrip.c
+++ b/src/unstrip.c
@@ -311,12 +311,18 @@ make_directories (const char *path)
if (lastslash == path)
return;
- char *dir = strndupa (path, lastslash - path);
+ char *dir = strndup (path, lastslash - path);
+ if (dir == NULL)
+ error(EXIT_FAILURE, errno, _("memory exhausted"));
+
while (mkdir (dir, 0777) < 0 && errno != EEXIST)
- if (errno == ENOENT)
- make_directories (dir);
- else
- error (EXIT_FAILURE, errno, _("cannot create directory '%s'"), dir);
+ {
+ if (errno == ENOENT)
+ make_directories (dir);
+ else
+ error (EXIT_FAILURE, errno, _("cannot create directory '%s'"), dir);
+ }
+ free (dir);
}
/* Keep track of new section data we are creating, so we can free it
--
2.29.0
