autofs-5.1.2 - add configure option for limiting getgrgid_r() stack usage From: Ian Kent Almost all the time it isn't a problem for glibc to use stack allocation to store group information during calls to getgrgid_r(). But if it is a problem the --enable-limit-getgrgid-size configure option can be used to limit the buffer size passed to getgrgid_r() (which is used to decide whether to alloca() local storage for the call). The check allows the call to go ahead if the increased buffer size is less than 0.9 of the thread stack size. This isn't ideal because the current stack usage isn't known but should be ok much of the time. Signed-off-by: Ian Kent --- CHANGELOG | 1 + configure | 32 +++++++++++++++++++++++++------- configure.in | 24 +++++++++++++++++------- include/config.h.in | 3 +++ lib/mounts.c | 6 ++++-- 5 files changed, 50 insertions(+), 16 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 0a84aa4..1d7ed82 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -62,6 +62,7 @@ xx/xx/2016 autofs-5.1.3 - fix offset mount location multiple expansion. - increase worker thread per-thread stack size. - limit getgrgid_r() buffer size. +- add congigure option for limiting getgrgid_r() stack usage. 15/06/2016 autofs-5.1.2 ======================= diff --git a/configure b/configure index 8467582..2a67768 100755 --- a/configure +++ b/configure @@ -744,6 +744,7 @@ enable_ext_env enable_mount_locking enable_force_shutdown enable_ignore_busy +enable_limit_getgrgid_size ' ac_precious_vars='build_alias host_alias 
@@ -1361,13 +1362,14 @@ Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-sloppy-mount enable the use of the -s option to mount - --disable-ext-env disable search in environment for substitution variable - --disable-mount-locking disable use of locking when spawning mount command - --enable-force-shutdown enable USR1 signal to force unlink umount of any - busy mounts during shutdown - --enable-ignore-busy enable exit without umounting busy mounts during - shutdown + --enable-sloppy-mount enable the use of the -s option to mount + --disable-ext-env disable search in environment for substitution variable + --disable-mount-locking disable use of locking when spawning mount command + --enable-force-shutdown enable USR1 signal to force unlink umount of any + busy mounts during shutdown + --enable-ignore-busy enable exit without umounting busy mounts during + shutdown + --enable-limit-getgrgid-size enable limit stack use of getgrgid_r() Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -5730,6 +5732,22 @@ $as_echo "#define ENABLE_IGNORE_BUSY_MOUNTS 1" >>confdefs.h fi # +# Enable exit, ignoring busy mounts. +# +# Check whether --enable-limit-getgrgid-size was given. +if test "${enable_limit_getgrgid_size+set}" = set; then : + enableval=$enable_limit_getgrgid_size; +else + enableval=no +fi + +if test x$enable_limit_getgrgid_size = xyes -o x$enableval = xyes; then + +$as_echo "#define ENABLE_LIMIT_GETGRGID_SIZE 1" >>confdefs.h + +fi + +# # Write Makefile.conf and include/config.h # ac_config_headers="$ac_config_headers include/config.h" diff --git a/configure.in b/configure.in index a4318e8..d44938b 100644 --- a/configure.in +++ b/configure.in 
@@ -158,7 +158,7 @@ AC_SUBST(sssldir) # good for portability # AC_ARG_ENABLE(sloppy-mount, -[ --enable-sloppy-mount enable the use of the -s option to mount],, +[ --enable-sloppy-mount enable the use of the -s option to mount],, enable_sloppy_mount=auto) if test x$enable_sloppy_mount = xauto; then AF_SLOPPY_MOUNT() @@ -348,7 +348,7 @@ AC_SUBST(DAEMON_LDFLAGS) # Enable ability to access value in external env variable # AC_ARG_ENABLE(ext-env, -[ --disable-ext-env disable search in environment for substitution variable],, +[ --disable-ext-env disable search in environment for substitution variable],, enableval=yes) if test x$enable_ext_env = xyes -o x$enableval = xyes; then AC_DEFINE(ENABLE_EXT_ENV, 1, [leave this alone]) @@ -358,7 +358,7 @@ fi # Disable use of locking when spawning mount command # AC_ARG_ENABLE(mount-locking, -[ --disable-mount-locking disable use of locking when spawning mount command],, +[ --disable-mount-locking disable use of locking when spawning mount command],, enableval=yes) if test x$enable_mount_locking = xyes -o x$enableval = xyes; then AC_DEFINE(ENABLE_MOUNT_LOCKING, 1, [Disable use of locking when spawning mount command]) @@ -368,8 +368,8 @@ fi # Enable forced shutdown on USR1 signal (unlink umounts all mounts). # AC_ARG_ENABLE(force-shutdown, -[ --enable-force-shutdown enable USR1 signal to force unlink umount of any - busy mounts during shutdown],, +[ --enable-force-shutdown enable USR1 signal to force unlink umount of any + busy mounts during shutdown],, enableval=no) if test x$enable_forced_shutdown = xyes -o x$enableval = xyes; then AC_DEFINE(ENABLE_FORCED_SHUTDOWN, 1, [Enable forced shutdown on USR1 signal]) 
@@ -379,14 +379,24 @@ fi # Enable exit, ignoring busy mounts. # AC_ARG_ENABLE(ignore-busy, -[ --enable-ignore-busy enable exit without umounting busy mounts during - shutdown],, +[ --enable-ignore-busy enable exit without umounting busy mounts during + shutdown],, enableval=no) if test x$enable_ignore_busy_mounts = xyes -o x$enableval = xyes; then AC_DEFINE(ENABLE_IGNORE_BUSY_MOUNTS, 1, [Enable exit, ignoring busy mounts]) fi # +# Enable exit, ignoring busy mounts. +# +AC_ARG_ENABLE(limit-getgrgid-size, +[ --enable-limit-getgrgid-size enable limit stack use of getgrgid_r()],, + enableval=no) +if test x$enable_limit_getgrgid_size = xyes -o x$enableval = xyes; then + AC_DEFINE(ENABLE_LIMIT_GETGRGID_SIZE, 1, [Enable limit stack use of getgrgid_r()]) +fi + +# # Write Makefile.conf and include/config.h # AC_CONFIG_HEADER(include/config.h) diff --git a/include/config.h.in b/include/config.h.in index 7037b24..e888509 100644 --- a/include/config.h.in +++ b/include/config.h.in @@ -9,6 +9,9 @@ /* Enable exit, ignoring busy mounts */ #undef ENABLE_IGNORE_BUSY_MOUNTS +/* Enable limit stack use of getgrgid_r() */ +#undef ENABLE_LIMIT_GETGRGID_SIZE + /* Disable use of locking when spawning mount command */ #undef ENABLE_MOUNT_LOCKING diff --git a/lib/mounts.c b/lib/mounts.c index 91bf940..ce6a60a 100644 --- a/lib/mounts.c +++ b/lib/mounts.c @@ -1514,8 +1514,10 @@ void set_tsd_user_vars(unsigned int logopt, uid_t uid, gid_t gid) gr_tmp = NULL; status = ERANGE; +#ifdef ENABLE_LIMIT_GETGRGID_SIZE if (!maxgrpbuf) maxgrpbuf = detached_thread_stack_size * 0.9; +#endif /* If getting the group name fails go on without it. It's * used to set an environment variable for program maps 
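Review bot: The comment header above the new `AC_ARG_ENABLE(limit-getgrgid-size, ...)` block still reads `# Enable exit, ignoring busy mounts.`, copied from the ignore-busy block just before it, so it describes the wrong option; the same stale text is carried into the generated `configure` hunk at @@ -5730. I would replace it with `# Limit the buffer size passed to getgrgid_r() to bound glibc stack use.` The help string `enable limit stack use of getgrgid_r()` would also read better as `limit the getgrgid_r() buffer size to bound stack use`.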
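Review bot: With `enableval=no` as the configure default, `ENABLE_LIMIT_GETGRGID_SIZE` is undefined in an ordinary build, so `maxgrpbuf` is not assigned here and the `!maxgrpbuf` branch added in the @@ -1539 hunk skips the size check on every pass of the retry loop (the loop's other exit conditions are outside both hunks). That makes the guard from the earlier "limit getgrgid_r() buffer size" change, listed in the CHANGELOG context, opt-in, so a very large group record could again push glibc's alloca() past the thread stack and crash the daemon. Unless that is intended, I would keep the guard on by default and offer the opt-out instead, declaring it in configure.in as `[ --disable-limit-getgrgid-size ...],, enableval=yes)` the way `--disable-mount-locking` is declared. set_tsd_user_vars() starts and ends outside this hunk and the declaration of `maxgrpbuf` is not visible, so this assumes it starts at zero.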
@@ -1539,9 +1541,9 @@ void set_tsd_user_vars(unsigned int logopt, uid_t uid, gid_t gid) tmplen += grplen; /* Don't tempt glibc to alloca() larger than is (likely) - * available on the stack. + * available on the stack if limit-getgrgid-size is enabled. */ - if (tmplen < maxgrpbuf) + if (!maxgrpbuf || (tmplen < maxgrpbuf)) continue; /* Add a message so we know this happened */
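Review bot: The `!maxgrpbuf` test uses zero to mean "no limit", but nothing near it says so, and the reworded comment only mentions the configure option. A line such as `/* maxgrpbuf == 0 means no limit was compiled in */` would make the sentinel explicit. It also means that if `detached_thread_stack_size * 0.9` in the @@ -1514 hunk ever evaluates to zero (that variable is set outside the visible code), the limit is silently switched off even in a build that enabled it; wrapping this check in the same `#ifdef ENABLE_LIMIT_GETGRGID_SIZE` would avoid relying on the value. The loop this `continue` belongs to starts and ends outside the hunk.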