On Fri, Oct 24, 2014 at 07:08:44PM +0400, Ilya Verbin wrote:
> On 24 Oct 16:35, Jakub Jelinek wrote:
> > On Thu, Oct 23, 2014 at 07:41:12PM +0400, Ilya Verbin wrote:
> > > > malloc can fail, SIGSEGV in response to that is not desirable.
> > > > Can't you fall back to alloca, or use just alloca, or use alloca
> > > > with malloc fallback?
> > >
> > > I replaced it with alloca.
> >
> > There is a risk if a suid or otherwise privilege escalated program
> > uses it and attacker passes huge env vars.
> > Perhaps use alloca if it is <= 2KB and malloc otherwise, and in that case
> > if malloc fails, just do a fatal error?
>
> Why is this more preferable than just a malloc + fatal error?
> This function is executed only once at plugin initialization, therefore no
> real performance gain could be achieved.

Even if it is executed once, using malloc for short env vars that will be the
99% of all cases sounds like waste of resources to me.
You already know the strlen of the vars, so it is just a matter of comparing
that and setting a bool flag.

	Jakub
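
The size-gated allocation suggested in the message above, as an added example that is not code from this thread or from the patch under review. `count_entries`, `STACK_LIMIT` and the idea of joining two values with ':' are hypothetical names and assumptions chosen for illustration; `<alloca.h>` assumes glibc.

```c
#include <alloca.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_LIMIT 2048	/* the 2KB threshold from the message above */

/* Hypothetical helper: joins two env-style values as "a:b" in a scratch
   buffer and counts the non-empty ':'-separated entries.  *on_heap
   reports which allocator backed the buffer.  */
size_t
count_entries (const char *a, const char *b, bool *on_heap)
{
  size_t len = strlen (a) + 1 + strlen (b) + 1;	/* "a:b" plus NUL */
  bool use_malloc = len > STACK_LIMIT;	/* the bool flag: compare once */
  char *buf;

  if (use_malloc)
    {
      /* Attacker-sized input never reaches the stack.  */
      buf = malloc (len);
      if (buf == NULL)
	{
	  /* Fatal error instead of a SIGSEGV on a NULL dereference.  */
	  fprintf (stderr, "fatal: out of memory (%zu bytes)\n", len);
	  exit (EXIT_FAILURE);
	}
    }
  else
    buf = alloca (len);		/* short input, the common case */

  snprintf (buf, len, "%s:%s", a, b);

  size_t n = 0;
  for (char *p = buf; *p;)
    {
      size_t span = strcspn (p, ":");
      if (span > 0)
	n++;
      p += span;
      if (*p == ':')
	p++;
    }

  if (use_malloc)
    free (buf);			/* alloca memory is released on return */
  if (on_heap)
    *on_heap = use_malloc;
  return n;
}
```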