From patchwork Mon Sep 18 20:26:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Simmons-Talbott X-Patchwork-Id: 1836419 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=bsArK5Hs; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RqGY553flz1yhy for ; Tue, 19 Sep 2023 06:26:49 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 51CB8385696B for ; Mon, 18 Sep 2023 20:26:47 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 4727E385C6FE for ; Mon, 18 Sep 2023 20:26:37 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4727E385C6FE Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1695068796; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DpyN3ZpNSTbEhhTz9SgBB0SaZhxTDv4U3bNTReceCxw=; b=bsArK5Hs6ZFY14VvvISu9qMSuxw4DScmpOlrWcBP+28WQuwMOOu7YlRmPmMB5FXB0HrjmM ub1UT5S0TQ+SMqth/vmB3LVmXvjxYEOiKjXkPXluXq1DxbaP2Hp9o6ouiKMSO65CknXs94 A06zC8NFFOTfmSXvtqRgazH3IwvvLbs= Received: from mail-ot1-f71.google.com (mail-ot1-f71.google.com [209.85.210.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-608-QDeKwKzwPKyJ1UvG2tNbYA-1; Mon, 18 Sep 2023 16:26:35 -0400 X-MC-Unique: QDeKwKzwPKyJ1UvG2tNbYA-1 Received: by mail-ot1-f71.google.com with SMTP id 46e09a7af769-6c0f2a1da4fso6708174a34.2 for ; Mon, 18 Sep 2023 13:26:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695068794; x=1695673594; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=DpyN3ZpNSTbEhhTz9SgBB0SaZhxTDv4U3bNTReceCxw=; b=ktN5T+04hP1AiYnoDte2xF1yFtA8Fmta5rsj57HTBifvDeh7jIV05cwni9zNmHHTOq pKYgt6lYfThufuxmkl1Dl/sjEQOEZVjxrXk3PzkccXttGWs7oAK7mu2BUczru5adNa3w gbw7RpL3Yw/FjsjUv8H9qCZskhyvwbkrZpchSlagIODNdnEnme0dNkwxs2+kk5AxvizM wAu7EP3RN64GXz5vCWrZaUVx1xay6nNO7TZCasf74K/3kFQebs0nQ2ZILRME/r2rV0Yy tlBTJt0YnA89q59nNXc2EvBb3FYTxf74B9GEAbzTe1qtspVIsdG8kIxSzjEE86WC2oVL auCg== X-Gm-Message-State: AOJu0Yza9jLP0VAzLuYoIay/FJm4BftNX5g9p8Pj0ZEi1VNtXRv9R3BW FGmFoQz05zDm9gu4/jGTfW4h0GWCC0DYOJ+Lec4mfEdf3dO6pAc7DxDXjoV1gl/2uA7GUPecqJw vVW1LXuXkJu0lJFd080eir6EA5skWPCcZO3iGaMALaaqxy5Fseq87+0U8RBWebPdHAN1R1oq707 Uc2VYx X-Received: by 2002:a54:4090:0:b0:3ab:6910:f5eb with SMTP id i16-20020a544090000000b003ab6910f5ebmr12050224oii.10.1695068794468; Mon, 18 Sep 2023 13:26:34 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG8PYzdJ3xi7htoASDWDIgp8CgeGqH7r2b9k6yVNmY3G2HsUUBDUsZfi/Y3KPEqi2UL2z8/vg== X-Received: by 2002:a54:4090:0:b0:3ab:6910:f5eb with SMTP id i16-20020a544090000000b003ab6910f5ebmr12050209oii.10.1695068794129; Mon, 18 Sep 2023 13:26:34 -0700 (PDT) Received: from oak.redhat.com (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238]) by smtp.gmail.com with ESMTPSA id ga13-20020a05622a590d00b0040399fb5ef3sm3231561qtb.0.2023.09.18.13.26.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Sep 2023 13:26:33 -0700 (PDT) From: Joe Simmons-Talbott To: libc-alpha@sourceware.org Cc: Joe Simmons-Talbott Subject: [PATCH] crypt: Get rid of alloca usage in __sha256_crypt_r Date: Mon, 18 Sep 2023 16:26:22 -0400 Message-ID: <20230918202631.2828791-1-josimmon@redhat.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Replace alloca usage with scratch_buffers to avoid potential stack overflow. --- crypt/sha256-crypt.c | 65 ++++++++++++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/crypt/sha256-crypt.c b/crypt/sha256-crypt.c index e90eb590bb..d686c67cd5 100644 --- a/crypt/sha256-crypt.c +++ b/crypt/sha256-crypt.c @@ -18,6 +18,7 @@ #include #include +#include #include #include #include @@ -118,6 +119,14 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) size_t alloca_used = 0; char *free_key = NULL; char *free_pbytes = NULL; + struct scratch_buffer sbuf; + scratch_buffer_init (&sbuf); + struct scratch_buffer p_bytes_buf; + scratch_buffer_init (&p_bytes_buf); + struct scratch_buffer salt_buf; + scratch_buffer_init (&salt_buf); + struct scratch_buffer s_bytes_buf; + scratch_buffer_init (&s_bytes_buf); /* Find beginning of salt string. The prefix should normally always be present. Just in case it is not. */ @@ -146,14 +155,11 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) { char *tmp; - if (__libc_use_alloca (alloca_used + key_len + __alignof__ (uint32_t))) - tmp = alloca_account (key_len + __alignof__ (uint32_t), alloca_used); - else - { - free_key = tmp = (char *) malloc (key_len + __alignof__ (uint32_t)); - if (tmp == NULL) - return NULL; - } + if (!scratch_buffer_set_array_size ( + &sbuf, 1, key_len + __alignof__ (uint32_t))) + return NULL; + + tmp = sbuf.data; key = copied_key = memcpy (tmp + __alignof__ (uint32_t) @@ -164,8 +170,14 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) if (((uintptr_t) salt) % __alignof__ (uint32_t) != 0) { - char *tmp = (char *) alloca (salt_len + __alignof__ (uint32_t)); - alloca_used += salt_len + __alignof__ (uint32_t); + char *tmp; + if (!scratch_buffer_set_array_size ( + &salt_buf, 1, salt_len + __alignof__ (uint32_t))) + { + scratch_buffer_free (&sbuf); + return NULL; + } + tmp = salt_buf.data; salt = copied_salt = memcpy (tmp + __alignof__ (uint32_t) - ((uintptr_t) tmp) % __alignof__ (uint32_t), @@ -178,7 +190,8 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) NSSLOWInitContext *nss_ictx = NSSLOW_Init (); if (nss_ictx == NULL) { - free (free_key); + scratch_buffer_free (&sbuf); + scratch_buffer_free (&salt_buf); return NULL; } NSSLOWHASHContext *nss_ctx = NULL; @@ -243,17 +256,13 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) sha256_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); /* Create byte sequence P. */ - if (__libc_use_alloca (alloca_used + key_len)) - cp = p_bytes = (char *) alloca (key_len); - else + if (!scratch_buffer_set_array_size (&p_bytes_buf, 1, key_len)) { - free_pbytes = cp = p_bytes = (char *)malloc (key_len); - if (free_pbytes == NULL) - { - free (free_key); - return NULL; - } + scratch_buffer_free (&sbuf); + scratch_buffer_free (&salt_buf); + return NULL; } + cp = p_bytes = p_bytes_buf.data; for (cnt = key_len; cnt >= 32; cnt -= 32) cp = mempcpy (cp, temp_result, 32); @@ -270,7 +279,15 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) sha256_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); /* Create byte sequence S. */ - cp = s_bytes = alloca (salt_len); + if (!scratch_buffer_set_array_size (&s_bytes_buf, 1, salt_len)) + { + scratch_buffer_free (&sbuf); + scratch_buffer_free (&p_bytes_buf); + scratch_buffer_free (&salt_buf); + return NULL; + } + cp = s_bytes = s_bytes_buf.data; + for (cnt = salt_len; cnt >= 32; cnt -= 32) cp = mempcpy (cp, temp_result, 32); memcpy (cp, temp_result, cnt); @@ -381,8 +398,10 @@ __sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) if (copied_salt != NULL) explicit_bzero (copied_salt, salt_len); - free (free_key); - free (free_pbytes); + scratch_buffer_free (&sbuf); + scratch_buffer_free (&p_bytes_buf); + scratch_buffer_free (&salt_buf); + scratch_buffer_free (&s_bytes_buf); return buffer; }