Merge pull request #2821 from brauner/2019-02-05/remove_stack_allocation

tree-wide: wipe alloca() from the codebase

src/include/lxcmntent.c

@@ -21,7 +21,7 @@
 #ifndef _GNU_SOURCE
 #define _GNU_SOURCE 1
 #endif
-#include <alloca.h>
+#include <errno.h>
 #include <mntent.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -160,14 +160,17 @@ FILE *setmntent(const char *file, const char *mode)
 	 * I/O functions and "e" to set FD_CLOEXEC.
 	 */
 	size_t modelen = strlen(mode);
-	char *newmode;
+	char newmode[256];
 
-	newmode = alloca(modelen + 3);
+	if (modelen >= (sizeof(newmode) - 3)) {
+		errno = -EFBIG;
+		return NULL;
+	}
 
 	memcpy(newmode, mode, modelen);
 	memcpy(newmode + modelen, "ce", 3);
 
-	return fopen (file, newmode);
+	return fopen(file, newmode);
 }
 
 /* Close a stream opened with `setmntent'. */

src/lxc/Makefile.am

@@ -21,6 +21,7 @@ noinst_HEADERS = api_extensions.h \
 		 lxc.h \
 		 lxclock.h \
 		 macro.h \
+		 memory_utils.h \
 		 monitor.h \
 		 namespace.h \
 		 raw_syscalls.h \
@@ -112,6 +113,7 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \
 		    lxclock.c lxclock.h \
 		    lxcseccomp.h \
 		    macro.h \
+		    memory_utils.h \
 		    mainloop.c mainloop.h \
 		    namespace.c namespace.h \
 		    nl.c nl.h \
@@ -366,9 +368,11 @@ lxc_monitord_SOURCES = cmd/lxc_monitord.c \
 lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \
 		       ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \
 		       log.c log.h \
+		       memory_utils.h \
 		       network.c network.h \
 		       parse.c parse.h \
 		       raw_syscalls.c raw_syscalls.h \
+		       string_utils.c string_utils.h \
 		       syscall_wrappers.h
 lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
 			 conf.c conf.h \
@@ -429,6 +433,7 @@ pam_LTLIBRARIES = pam_cgfs.la
 pam_cgfs_la_SOURCES = pam/pam_cgfs.c \
 		      file_utils.c file_utils.h \
 		      macro.h \
+		      memory_utils.h \
 		      string_utils.c string_utils.h
 
 if !HAVE_STRLCAT

src/lxc/cgroups/cgfsng.c

@@ -58,6 +58,7 @@
 #include "config.h"
 #include "log.h"
 #include "macro.h"
+#include "memory_utils.h"
 #include "storage/storage.h"
 #include "utils.h"
 
@@ -888,15 +889,18 @@ static bool controller_in_clist(char *cgline, char *c)
 		return false;
 
 	len = eol - cgline;
-	tmp = alloca(len + 1);
+	tmp = must_realloc(NULL, len + 1);
 	memcpy(tmp, cgline, len);
 	tmp[len] = '\0';
 
 	lxc_iterate_parts(tok, tmp, ",") {
-		if (strcmp(tok, c) == 0)
+		if (strcmp(tok, c) == 0) {
+			free(tmp);
 			return true;
+		}
 	}
 
+	free(tmp);
 	return false;
 }
 
@@ -2209,15 +2213,12 @@ __cgfsng_ops static int cgfsng_get(struct cgroup_ops *ops, const char *filename,
 				     char *value, size_t len, const char *name,
 				     const char *lxcpath)
 {
-	int ret = -1;
-	size_t controller_len;
-	char *controller, *p, *path;
+	__do_free char *controller;
+	char *p, *path;
 	struct hierarchy *h;
+	int ret = -1;
 
-	controller_len = strlen(filename);
-	controller = alloca(controller_len + 1);
-	(void)strlcpy(controller, filename, controller_len + 1);
-
+	controller = must_copy_string(filename);
 	p = strchr(controller, '.');
 	if (p)
 		*p = '\0';
@@ -2248,15 +2249,12 @@ __cgfsng_ops static int cgfsng_set(struct cgroup_ops *ops,
 				     const char *filename, const char *value,
 				     const char *name, const char *lxcpath)
 {
-	int ret = -1;
-	size_t controller_len;
-	char *controller, *p, *path;
+	__do_free char *controller;
+	char *p, *path;
 	struct hierarchy *h;
+	int ret = -1;
 
-	controller_len = strlen(filename);
-	controller = alloca(controller_len + 1);
-	(void)strlcpy(controller, filename, controller_len + 1);
-
+	controller = must_copy_string(filename);
 	p = strchr(controller, '.');
 	if (p)
 		*p = '\0';
@@ -2363,18 +2361,14 @@ static int convert_devpath(const char *invalue, char *dest)
 static int cg_legacy_set_data(struct cgroup_ops *ops, const char *filename,
 			      const char *value)
 {
-	size_t len;
+	__do_free char *controller;
 	char *fullpath, *p;
 	/* "b|c <2^64-1>:<2^64-1> r|w|m" = 47 chars max */
 	char converted_value[50];
 	struct hierarchy *h;
 	int ret = 0;
-	char *controller = NULL;
-
-	len = strlen(filename);
-	controller = alloca(len + 1);
-	(void)strlcpy(controller, filename, len + 1);
 
+	controller = must_copy_string(filename);
 	p = strchr(controller, '.');
 	if (p)
 		*p = '\0';

src/lxc/cmd/lxc_user_nic.c

@@ -49,9 +49,11 @@
 
 #include "config.h"
 #include "log.h"
+#include "memory_utils.h"
 #include "network.h"
 #include "parse.h"
 #include "raw_syscalls.h"
+#include "string_utils.h"
 #include "syscall_wrappers.h"
 #include "utils.h"
 
@@ -838,13 +840,12 @@ static char *get_nic_if_avail(int fd, struct alloted_s *names, int pid,
 
 static bool create_db_dir(char *fnam)
 {
-	int ret;
+	__do_free char *copy;
 	char *p;
-	size_t len;
+	int ret;
 
-	len = strlen(fnam);
-	p = alloca(len + 1);
-	(void)strlcpy(p, fnam, len + 1);
+	copy = must_copy_string(fnam);
+	p = copy;
 	fnam = p;
 	p = p + 1;
 

src/lxc/commands.c

@@ -48,6 +48,7 @@
 #include "lxc.h"
 #include "lxclock.h"
 #include "mainloop.h"
+#include "memory_utils.h"
 #include "monitor.h"
 #include "start.h"
 #include "terminal.h"
@@ -524,8 +525,8 @@ char *lxc_cmd_get_config_item(const char *name, const char *item,
 static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
 					    struct lxc_handler *handler)
 {
+	__do_free char *cidata = NULL;
 	int cilen;
-	char *cidata;
 	struct lxc_config_t *item;
 	struct lxc_cmd_rsp rsp;
 
@@ -538,7 +539,7 @@ static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
 	if (cilen <= 0)
 		goto err1;
 
-	cidata = alloca(cilen + 1);
+	cidata = must_realloc(NULL, cilen + 1);
 	if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
 		goto err1;
 
@@ -1103,9 +1104,9 @@ static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
 			   struct lxc_epoll_descr *descr)
 {
+	__do_free void *reqdata = NULL;
 	int ret;
 	struct lxc_cmd_req req;
-	void *reqdata = NULL;
 	struct lxc_handler *handler = data;
 
 	ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
@@ -1143,21 +1144,7 @@ static int lxc_cmd_handler(int fd, uint32_t events, void *data,
 	}
 
 	if (req.datalen > 0) {
-		/* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
-		 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
-		 */
-		if (req.cmd == LXC_CMD_CONSOLE_LOG)
-			reqdata = malloc(req.datalen);
-		else
-			reqdata = alloca(req.datalen);
-		if (!reqdata) {
-			ERROR("Failed to allocate memory for \"%s\" command",
-			      lxc_cmd_str(req.cmd));
-			errno = ENOMEM;
-			ret = -ENOMEM;
-			goto out_close;
-		}
-
+		reqdata = must_realloc(NULL, req.datalen);
 		ret = lxc_recv_nointr(fd, reqdata, req.datalen, 0);
 		if (ret != req.datalen) {
 			WARN("Failed to receive full command request. Ignoring "
@@ -1177,9 +1164,6 @@ static int lxc_cmd_handler(int fd, uint32_t events, void *data,
 	}
 
 out:
-	if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata)
-		free(reqdata);
-
 	return ret;
 
 out_close:

src/lxc/commands_utils.c

@@ -38,6 +38,7 @@
 #include "initutils.h"
 #include "log.h"
 #include "lxclock.h"
+#include "memory_utils.h"
 #include "monitor.h"
 #include "state.h"
 #include "utils.h"
@@ -102,9 +103,9 @@ int lxc_make_abstract_socket_name(char *path, size_t pathlen,
 				  const char *hashed_sock_name,
 				  const char *suffix)
 {
+	__do_free char *tmppath = NULL;
 	const char *name;
 	char *offset;
-	char *tmppath;
 	size_t len;
 	size_t tmplen;
 	uint64_t hash;
@@ -153,7 +154,7 @@ int lxc_make_abstract_socket_name(char *path, size_t pathlen,
 
 	/* ret >= len; lxcpath or name is too long.  hash both */
 	tmplen = strlen(name) + strlen(lxcpath) + 2;
-	tmppath = alloca(tmplen);
+	tmppath = must_realloc(NULL, tmplen);
 	ret = snprintf(tmppath, tmplen, "%s/%s", lxcpath, name);
 	if (ret < 0 || (size_t)ret >= tmplen) {
 		ERROR("Failed to create abstract socket name");

src/lxc/conf.c

@@ -67,6 +67,7 @@
 #include "lxclock.h"
 #include "lxcseccomp.h"
 #include "macro.h"
+#include "memory_utils.h"
 #include "namespace.h"
 #include "network.h"
 #include "parse.h"
@@ -486,8 +487,9 @@ int run_script_argv(const char *name, unsigned int hook_version,
 
 int run_script(const char *name, const char *section, const char *script, ...)
 {
+	__do_free char *buffer = NULL;
 	int ret;
-	char *buffer, *p;
+	char *p;
 	va_list ap;
 	size_t size = 0;
 
@@ -508,7 +510,7 @@ int run_script(const char *name, const char *section, const char *script, ...)
 	if (size > INT_MAX)
 		return -1;
 
-	buffer = alloca(size);
+	buffer = must_realloc(NULL, size);
 	ret = snprintf(buffer, size, "exec %s %s %s", script, name, section);
 	if (ret < 0 || ret >= size)
 		return -1;
@@ -1136,16 +1138,16 @@ static int lxc_create_ttys(struct lxc_handler *handler)
 static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs,
 			 const char *lxcpath)
 {
+	__do_free char *path = NULL;
 	int ret;
 	size_t clen;
-	char *path;
 	mode_t cur_mask;
 
 	INFO("Preparing \"/dev\"");
 
 	/* $(rootfs->mount) + "/dev/pts" + '\0' */
 	clen = (rootfs->path ? strlen(rootfs->mount) : 0) + 9;
-	path = alloca(clen);
+	path = must_realloc(NULL, clen);
 
 	ret = snprintf(path, clen, "%s/dev", rootfs->path ? rootfs->mount : "");
 	if (ret < 0 || (size_t)ret >= clen)
@@ -2560,6 +2562,7 @@ static int setup_caps(struct lxc_list *caps)
 
 static int dropcaps_except(struct lxc_list *caps)
 {
+	__do_free int *caplist = NULL;
 	int i, capid, numcaps;
 	char *keep_entry;
 	struct lxc_list *iterator;
@@ -2570,7 +2573,7 @@ static int dropcaps_except(struct lxc_list *caps)
 	TRACE("Found %d capabilities", numcaps);
 
 	/* caplist[i] is 1 if we keep capability i */
-	int *caplist = alloca(numcaps * sizeof(int));
+	caplist = must_realloc(NULL, numcaps * sizeof(int));
 	memset(caplist, 0, numcaps * sizeof(int));
 
 	lxc_list_for_each (iterator, caps) {