From: Danny Milosavljevic <dannym@scratchpost.org>
To: Leo Famulari <leo@famulari.name>
Cc: 40832@debbugs.gnu.org
Subject: bug#40832: alsa-lib cannot find its plugins
Date: Wed, 29 Jul 2020 13:18:44 +0200 [thread overview]
Message-ID: <20200729131844.18b08be2@scratchpost.org> (raw)
In-Reply-To: <20200728235623.GA1936@jasmine.lan>
[-- Attachment #1: Type: text/plain, Size: 1885 bytes --]
Hi Leo,
On Tue, 28 Jul 2020 19:56:23 -0400
Leo Famulari <leo@famulari.name> wrote:
> On Tue, Jul 28, 2020 at 12:52:41PM +0200, Danny Milosavljevic wrote:
> > some comments on the lastest patch:
>
> Thank you for reviewing the patch!
>
> > * The entire alsa-lib seems to use the idiom "malloc and then strcpy", or
> > "malloc and then sprintf", or, worse, "malloc, strcpy and multiple strcat".
> > These are a buffer overflow waiting to happen (when changing part of those
> > while doing ongoing maintenance; also the places where they use "+" is not
> > checked for overflow). That said, if they do it, we can do it that way, too.
>
> This confirms what I felt — it's hard to feel confident about the bounds
> checking in this code. It seems to be based on the names of the plugin
> libraries not exceeding some magic length. It's hard to balance "doing
> the right thing" and using upstream's idioms.
After thinking about it more, I think it's much worse if the thing that is
stuck into the malloced block is the value of an environment variable.
When it's a compile-time variable you basically trust the code and the
distribution package not to have too-long paths in there that could overflow
the "+" in malloc(... + ). A distribution or upstream could do much worse
things than that, so that is not a credible threat to worry about.
For a runtime variable like the environment variable (that anyone can set to
anything), I am very much in favor of not using malloc(... + ) and instead
using asprintf, in order to prevent an exploitable buffer overflow just by
setting up an environment variable.
> When writing the patch, my investigation into the code made decide that
> it would not overflow, but now I don't remember why I thought that.
Thanks for that remark. It made me think and I came to the recommendation
above.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2020-07-29 11:20 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-24 21:37 bug#40832: Audacity does not work with PulseAudio Leo Famulari
2020-04-24 23:15 ` Leo Famulari
2020-04-25 4:03 ` Leo Famulari
2020-04-26 20:03 ` bug#40832: alsa-lib cannot find its plugins Leo Famulari
2020-04-28 21:25 ` bug#40832: Audacity does not work with PulseAudio Ludovic Courtès
2020-04-28 22:39 ` Leo Famulari
2020-05-08 22:45 ` Leo Famulari
2020-05-09 5:24 ` Leo Famulari
2020-05-16 19:33 ` bug#40832: [PATCH 0/2] Help alsa-lib find its plugins Leo Famulari
2020-05-16 19:34 ` bug#40832: [PATCH 1/2] gnu: alsa-plugins: Add GUIX_ALSA_PLUGIN_DIRS search path specification Leo Famulari
2020-05-16 19:34 ` bug#40832: [PATCH 2/2] gnu: Help alsa-lib find its plugins on foreign distros Leo Famulari
2020-05-17 18:19 ` bug#40832: [PATCH 0/2] Help alsa-lib find its plugins Leo Famulari
2020-07-28 10:52 ` bug#40832: alsa-lib cannot " Danny Milosavljevic
2020-07-28 10:56 ` Danny Milosavljevic
2020-07-28 23:56 ` Leo Famulari
2020-07-28 23:56 ` Leo Famulari
2020-07-29 11:18 ` Danny Milosavljevic [this message]
2020-10-13 16:02 ` Leo Famulari
2021-02-01 20:51 ` Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200729131844.18b08be2@scratchpost.org \
--to=dannym@scratchpost.org \
--cc=40832@debbugs.gnu.org \
--cc=leo@famulari.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).