* lib/get-permissions.c: Include walloc.h. (get_permissions): Use wreallocarray to fix possible integer overflow. * lib/set-permissions.c: Include stdint.h, walloc.h. (set_acls_from_mode): Use wgrowalloc instead of doing it by hand, fixing a possible integer overflow. * modules/acl-permissions (Depends-on): Add walloc.
---
 ChangeLog | 8 ++++++++
 lib/get-permissions.c | 7 +++++--
 lib/set-permissions.c | 19 +++++++------------
 modules/acl-permissions | 1 +
 4 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ebd74b5..d4173d4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2017-06-04 Paul Eggert <[email protected]>
+ acl-permissions: use walloc
+ * lib/get-permissions.c: Include walloc.h.
+ (get_permissions): Use wreallocarray to fix possible integer overflow.
+ * lib/set-permissions.c: Include stdint.h, walloc.h.
+ (set_acls_from_mode): Use wgrowalloc instead of doing it by hand,
+ fixing a possible integer overflow.
+ * modules/acl-permissions (Depends-on): Add walloc.
+
 dfa: use xwalloc instead of xalloc
 * NEWS: Mention dfa.
 * lib/dfa.c: Include xwalloc.h instead of xalloc.h, intprops.h.
diff --git a/lib/get-permissions.c b/lib/get-permissions.c
index dc77748..c8e1369 100644
--- a/lib/get-permissions.c
+++ b/lib/get-permissions.c
@@ -23,6 +23,7 @@
 #include "acl.h"
 #include "acl-internal.h"
+#include "walloc.h"
 /* Read the permissions of a file into CTX. If DESC is a valid file descriptor, use file descriptor operations, else use filename based operations on NAME.
@@ -130,7 +131,8 @@ get_permissions (const char *name, int desc, mode_t mode,
 if (ctx->ace_count == 0)
 break;
- ctx->ace_entries = (ace_t *) malloc (ctx->ace_count * sizeof (ace_t));
+ ctx->ace_entries = (ace_t *) wreallocarray (NULL, ctx->ace_count,
+ sizeof (ace_t));
 if (ctx->ace_entries == NULL)
 {
 errno = ENOMEM;
@@ -185,7 +187,8 @@ get_permissions (const char *name, int desc, mode_t mode,
 if (ctx->count == 0)
 break;
- ctx->entries = (aclent_t *) malloc (ctx->count * sizeof (aclent_t));
+ ctx->entries = (aclent_t *) wreallocarray (NULL, ctx->count,
+ sizeof (aclent_t));
 if (ctx->entries == NULL)
 {
 errno = ENOMEM;
diff --git a/lib/set-permissions.c b/lib/set-permissions.c
index 75bb2dc..14a28d0 100644
--- a/lib/set-permissions.c
+++ b/lib/set-permissions.c
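Review bot: The only guard visible before the new `wreallocarray (NULL, ctx->ace_count, sizeof (ace_t))` call is `if (ctx->ace_count == 0) break;`, so nothing in this hunk shows how a negative count is handled. Moving the multiplication into the allocator removes the unchecked `ctx->ace_count * sizeof (ace_t)`, but whether a negative value is rejected depends on the field's type and on wreallocarray's contract, and neither is visible here. A one-line comment above the call, e.g. `/* ace_count > 0 here; wreallocarray fails with NULL rather than wrapping the byte count.  */`, would record that once confirmed. The `ctx->count` / `aclent_t` call in the following hunk has the same shape and wants the same comment. Both hunks are in the middle of get_permissions, which starts and ends outside them.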
@@ -21,7 +21,10 @@
 #include "acl.h"
+#include <stdint.h>
+
 #include "acl-internal.h"
+#include "walloc.h"
 #if USE_ACL
 # if ! defined HAVE_ACL_FROM_MODE && defined HAVE_ACL_FROM_TEXT /* FreeBSD, IRIX, Tru64 */
@@ -70,11 +73,7 @@ set_acls_from_mode (const char *name, int desc, mode_t mode, bool *must_chmod)
 {
 /* Initially, try to read the entries into a stack-allocated buffer. Use malloc if it does not fit. */
- enum
- {
- alloc_init = 4000 / sizeof (ace_t), /* >= 3 */
- alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (ace_t))
- };
+ enum { alloc_init = 4000 / sizeof (ace_t) }; /* >= 3 */
 ace_t buf[alloc_init];
 size_t alloc = alloc_init;
 ace_t *entries = buf;
@@ -90,13 +89,9 @@ set_acls_from_mode (const char *name, int desc, mode_t mode, bool *must_chmod)
 {
 /* Increase the size of the buffer. */
 free (malloced);
- if (alloc > alloc_max / 2)
- {
- errno = ENOMEM;
- return -1;
- }
- alloc = 2 * alloc; /* <= alloc_max */
- entries = malloced = (ace_t *) malloc (alloc * sizeof (ace_t));
+ entries = malloced = wgrowalloc (NULL, &alloc, 1,
+ MIN (INT_MAX, PTRDIFF_MAX),
+ sizeof *entries);
 if (entries == NULL)
 {
 errno = ENOMEM;
diff --git a/modules/acl-permissions b/modules/acl-permissions
index 49b91ff..b043d3d 100644
--- a/modules/acl-permissions
+++ b/modules/acl-permissions
@@ -16,6 +16,7 @@ extern-inline
 fstat
 stdbool
 sys_stat
+walloc
 configure.ac:
 gl_FUNC_ACL
--
2.9.4
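Review bot: The byte-size overflow check in the growth path now rests entirely on `wgrowalloc`, because the cap passed in, `MIN (INT_MAX, PTRDIFF_MAX)`, is presumably an item count, whereas the removed `alloc_max` also divided by `sizeof (ace_t)`. `alloc` is still declared `size_t` in the previous hunk, so `&alloc` only matches if wgrowalloc's count parameter is a `size_t *`; walloc.h is not shown, so that is worth confirming, since a signed count pointer would be an incompatible pointer type. The removed `/* <= alloc_max */` invariant has no replacement; a comment such as `/* Grow by at least one entry; wgrowalloc keeps the count <= INT_MAX and returns NULL on overflow.  */` would restore it once checked against walloc.h. The comment kept in the previous hunk still says "Use malloc if it does not fit", which no longer matches the call that does the allocating. The enclosing block in set_acls_from_mode starts and ends outside this hunk.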
