:: Re: [DNG] Nasty Linux systemd secur…
Top Page
Delete this message
Reply to this message
Author: Didier Kryn
Date:  
To: dng@lists.dyne.org
Subject: Re: [DNG] Nasty Linux systemd security bug revealed
Le 21/07/2021 à 21:08, Andreas Messer a écrit :
> On Wed, Jul 21, 2021 at 02:36:16PM +0200, Didier Kryn wrote:
>> added (by gcc ?) to work around a missing feature of the C language:
>> dynamic allocation on the stack. This lack has disapeared many years ago
>> ( don't know with which version of the C standard) , with the following
>> form of allocation:
>>
>> ...
>>
>> n = 2x+1;
>>
>> {
>>
>>     int array[n];
>>
>>     ...
>>
>> }
>>
>>     And, therefore, alloca() should be removed.
> Well, alloca(n*sizeof(int)) and your suggestion both do the same in that
> they allocate memory from stack without any checking. Thus both will
> show the same failure mode of possible stack overflow.


    There's a choice of options in GCC to deal with stack protection.
Eg:  -fstack-check

    Plus a bunch of macros.

    They all deal with allocation of automatic variables. For alloca(),
instead, there's explicitely no check.

    In addition, the compiler is not informed of the invocation of
alloca(); therefore the space allocated to non-static automatic
variables may overlap with the space "allocated" by alloca().

>
> In any case, the implementation should put some limit on n before
> executing alloca() or int array[n].
>
> To be honest, I really don't seesomething against using alloca() despite
> its not Posix. Especially, there is no advantage of array[n]
> regarding the stack overflow issue.

    See above.
>
> Of course, critical software should not rely on dynamic stack allocation
> since its unpredictable. (but also not on runtime heap allocation too)

    malloc() returns NULL il case of error. Errors should always be checked.


--     Didier