What can we learn from the recently disclosed vulnerabilities in systemd?

<https://www.openwall.com/lists/oss-security/2019/01/09/3>

I'm not a security expert, nor have I understood all the details.

But there's one thing that really stands out:

> ... Surprised by the heavy usage of alloca() in journald, ...

Heavy usage of `alloca()`? Let's have a look at the manpage:

> DESCRIPTION
>        The alloca() function allocates size bytes of space in the stack
>        frame of the caller. This temporary space is automatically freed
>        when the function that called alloca() returns to its caller.
>
> RETURN VALUE
>        The alloca() function returns a pointer to the beginning of the
>        allocated space. If the allocation causes stack overflow, program
>        behavior is undefined.
> ...
>
> NOTES
>        The alloca() function is machine- and compiler-dependent. For
>        certain applications, its use can improve efficiency compared to
>        the use of malloc(3) plus free(3). In certain cases, it can also
>        simplify memory deallocation in applications that use longjmp(3)
>        or siglongjmp(3). Otherwise, its use is discouraged.


`alloca()` never returns an error. If it fails, then it fails, and
you're screwed. The manpage explicitly discourages using it.

Okay then. Never use `alloca()`, if you ask me.
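
The difference in failure behaviour, shown as an added example (not code from the original post or from systemd): an input-sized `alloca()` copy next to a `malloc()` copy whose failure the caller can see. The function names, the `count_eq` helper and the sample message are hypothetical and constructed for illustration.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: count '=' characters in a NUL-terminated string. */
static size_t count_eq(const char *s)
{
    size_t n = 0;
    for (; *s; s++)
        n += (*s == '=');
    return n;
}

/* Unsafe pattern: len is caller-controlled and alloca() has no error
 * return. If len exceeds the remaining stack, behaviour is undefined. */
size_t count_eq_alloca(const char *buf, size_t len)
{
    char *copy = alloca(len + 1);
    memcpy(copy, buf, len);
    copy[len] = '\0';
    return count_eq(copy);
}

/* Checked form: the heap allocation can fail, and the failure is
 * reported to the caller. Returns 0 on success, -1 on error. */
int count_eq_checked(const char *buf, size_t len, size_t *out)
{
    if (len == SIZE_MAX)          /* len + 1 would wrap to 0 */
        return -1;
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return -1;
    memcpy(copy, buf, len);
    copy[len] = '\0';
    *out = count_eq(copy);
    free(copy);
    return 0;
}

int main(void)
{
    const char msg[] = "A=1 B=2"; /* constructed sample input */
    size_t n = 0;
    if (count_eq_checked(msg, strlen(msg), &n) != 0)
        return 1;
    printf("%zu\n", n);
    return 0;
}
```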