Add sudo_login_name_max() and sudo_host_name_max()

These convenience functions cache the value and handle any potenial
errors from sysconf().

Author: millert

include/sudo_util.h

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2013-2023 Todd C. Miller <[email protected]>
+ * Copyright (c) 2013-2025 Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -185,6 +185,8 @@ sudo_dso_public char *sudo_basename_v1(const char *filename);
 /* gethostname.c */
 sudo_dso_public char *sudo_gethostname_v1(void);
 #define sudo_gethostname() sudo_gethostname_v1()
+sudo_dso_public size_t sudo_host_name_max_v1(void);
+#define sudo_host_name_max() sudo_host_name_max_v1()
 
 /* gettime.c */
 sudo_dso_public int sudo_gettime_awake_v1(struct timespec *ts);
@@ -225,6 +227,10 @@ sudo_dso_public bool sudo_str2logfac_v1(const char *str, int *logfac);
 sudo_dso_public const char *sudo_logfac2str_v1(int num);
 #define sudo_logfac2str(_a) sudo_logfac2str_v1((_a))
 
+/* login_max.c */
+sudo_dso_public size_t sudo_login_name_max_v1(void);
+#define sudo_login_name_max() sudo_login_name_max_v1()
+
 /* logpri.c */
 sudo_dso_public bool sudo_str2logpri_v1(const char *str, int *logpri);
 #define sudo_str2logpri(_a, _b) sudo_str2logpri_v1((_a), (_b))

lib/util/Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2011-2024 Todd C. Miller <[email protected]>
+# Copyright (c) 2011-2025 Todd C. Miller <[email protected]>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -147,11 +147,11 @@ SHELL = @SHELL@
 
 LTOBJS = basename.lo @DIGEST@ event.lo fatal.lo key_val.lo gethostname.lo \
 	 gettime.lo getgrouplist.lo gidlist.lo hexchar.lo json.lo lbuf.lo \
-	 locking.lo logfac.lo logpri.lo mkdir_parents.lo mmap_alloc.lo \
-	 multiarch.lo parseln.lo progname.lo rcstr.lo regex.lo roundup.lo \
-	 secure_path.lo setgroups.lo strsplit.lo strtobool.lo strtoid.lo \
-	 strtomode.lo strtonum.lo sudo_conf.lo sudo_debug.lo sudo_dso.lo \
-	 term.lo ttyname_dev.lo ttysize.lo uuid.lo \
+	 locking.lo logfac.lo login_max.lo logpri.lo mkdir_parents.lo \
+	 mmap_alloc.lo multiarch.lo parseln.lo progname.lo rcstr.lo regex.lo \
+	 roundup.lo secure_path.lo setgroups.lo strsplit.lo strtobool.lo \
+	 strtoid.lo strtomode.lo strtonum.lo sudo_conf.lo sudo_debug.lo \
+	 sudo_dso.lo term.lo ttyname_dev.lo ttysize.lo uuid.lo \
 	 @COMMON_OBJS@ @LTLIBOBJS@
 
 IOBJS = $(LTOBJS:.lo=.i)
@@ -1102,6 +1102,16 @@ logfac.i: $(srcdir)/logfac.c $(incdir)/compat/stdbool.h \
 	$(CPP) $(CPPFLAGS) $(srcdir)/logfac.c > $@
 logfac.plog: logfac.i
 	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logfac.c --i-file logfac.i --output-file $@
+login_max.lo: $(srcdir)/login_max.c $(incdir)/compat/stdbool.h \
+              $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
+              $(top_builddir)/config.h
+	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/login_max.c
+login_max.i: $(srcdir)/login_max.c $(incdir)/compat/stdbool.h \
+              $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
+              $(top_builddir)/config.h
+	$(CPP) $(CPPFLAGS) $(srcdir)/login_max.c > $@
+login_max.plog: login_max.i
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/login_max.c --i-file login_max.i --output-file $@
 logpri.lo: $(srcdir)/logpri.c $(incdir)/compat/stdbool.h \
            $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
            $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h

lib/util/gethostname.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2015 Todd C. Miller <[email protected]>
+ * Copyright (c) 2015, 2025 Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -36,16 +36,8 @@
 char *
 sudo_gethostname_v1(void)
 {
-    char *hname;
-    size_t host_name_max;
-
-#ifdef _SC_HOST_NAME_MAX
-    host_name_max = (size_t)sysconf(_SC_HOST_NAME_MAX);
-    if ((ssize_t)host_name_max <= 0)
-#endif
-	host_name_max = 255;	/* POSIX and historic BSD */
-
-    hname = malloc(host_name_max + 1);
+    const size_t host_name_max = sudo_host_name_max();
+    char *hname = malloc(host_name_max + 1);
     if (hname != NULL) {
 	if (gethostname(hname, host_name_max + 1) == 0 && *hname != '\0') {
 	    /* Old gethostname() may not NUL-terminate if there is no room. */
@@ -57,3 +49,22 @@ sudo_gethostname_v1(void)
     }
     return hname;
 }
+
+size_t
+sudo_host_name_max_v1(void)
+{
+    static size_t maxval;
+
+    if (maxval == 0) {
+	long lval;
+
+#ifdef _SC_HOST_NAME_MAX
+	lval = sysconf(_SC_HOST_NAME_MAX);
+	if (lval <= 0)
+#endif
+	    lval = 255;	/* POSIX and historic BSD */
+	maxval = (size_t)lval;
+    }
+
+    return maxval;
+}

lib/util/login_max.c

@@ -0,0 +1,50 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2025 Todd C. Miller <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <limits.h>
+
+#include <sudo_compat.h>
+#include <sudo_util.h>
+
+size_t
+sudo_login_name_max_v1(void)
+{
+    static size_t maxval;
+
+    if (maxval == 0) {
+	long lval;
+
+#ifdef _SC_LOGIN_NAME_MAX
+	lval = sysconf(_SC_LOGIN_NAME_MAX);
+	if (lval < 0)
+#endif
+	    lval = LOGIN_NAME_MAX;
+	maxval = (size_t)lval;
+    }
+
+    return maxval;
+}

lib/util/util.exp.in

@@ -96,6 +96,7 @@ sudo_gettime_awake_v1
 sudo_gettime_mono_v1
 sudo_gettime_real_v1
 sudo_hexchar_v1
+sudo_host_name_max_v1
 sudo_isatty_v1
 sudo_json_add_value_as_object_v1
 sudo_json_add_value_v1
@@ -119,6 +120,7 @@ sudo_lbuf_print_v1
 sudo_lock_file_v1
 sudo_lock_region_v1
 sudo_logfac2str_v1
+sudo_login_name_max_v1
 sudo_logpri2str_v1
 sudo_mkdir_parents_v1
 sudo_mmap_alloc_v1

plugins/sudoers/cvtsudoers_pwutil.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1996, 1998-2005, 2007-2019
+ * Copyright (c) 1996, 1998-2005, 2007-2020, 2022-2025
  *	Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -403,7 +403,7 @@ cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1)
     struct cache_item_grlist *grlitem;
     struct sudoers_string *s;
     struct group_list *grlist;
-    long groupname_len;
+    const size_t groupname_len = sudo_login_name_max();
     debug_decl(cvtsudoers_make_grlist_item, SUDOERS_DEBUG_NSS);
 
     /*
@@ -420,18 +420,10 @@ cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1)
 	ngroups++;
     }
 
-#ifdef _SC_LOGIN_NAME_MAX
-    groupname_len = sysconf(_SC_LOGIN_NAME_MAX);
-    if (groupname_len < 32)
-	groupname_len = 32;
-#else
-    groupname_len = MAX(LOGIN_NAME_MAX, 32);
-#endif
-
     /* Allocate in one big chunk for easy freeing. */
     nsize = strlen(pw->pw_name) + 1;
     total = sizeof(*grlitem) + nsize;
-    total += (size_t)groupname_len * ngroups;
+    total += groupname_len * ngroups;
 
 again:
     if ((grlitem = calloc(1, total)) == NULL) {
@@ -472,7 +464,7 @@ cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1)
 	}
 	len = strlen(s->str) + 1;
 	if ((size_t)(cp - (char *)grlitem) + len > total) {
-	    total += len + (size_t)groupname_len;
+	    total += len + groupname_len;
 	    free(grlitem);
 	    goto again;
 	}

plugins/sudoers/match.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1996, 1998-2005, 2007-2023
+ * Copyright (c) 1996, 1998-2005, 2007-2023, 2025
  *	Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -703,15 +703,9 @@ sudo_getdomainname(void)
     debug_decl(sudo_getdomainname, SUDOERS_DEBUG_MATCH);
 
     if (!initialized) {
-	size_t host_name_max;
+	const size_t host_name_max = sudo_host_name_max();
 	int rc;
 
-# ifdef _SC_HOST_NAME_MAX
-	host_name_max = (size_t)sysconf(_SC_HOST_NAME_MAX);
-	if (host_name_max == (size_t)-1)
-# endif
-	    host_name_max = 255;    /* POSIX and historic BSD */
-
 	domain = malloc(host_name_max + 1);
 	if (domain != NULL) {
 	    domain[0] = '\0';

plugins/sudoers/pwutil_impl.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1996, 1998-2005, 2007-2018
+ * Copyright (c) 1996, 1998-2005, 2007-2021, 2023-2025
  *	Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -363,12 +363,12 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, int ngids, GETGROUPS_T *gids,
 struct cache_item *
 PREFIX(make_grlist_item)(const struct passwd *pw, char * const *unused1)
 {
+    const size_t groupname_len = sudo_login_name_max();
     size_t len, ngroups, nsize, total;
     struct cache_item_grlist *grlitem;
     struct group_list *grlist;
     struct gid_list *gidlist;
     struct group *grp = NULL;
-    long groupname_len;
     char *cp;
     int i;
     debug_decl(sudo_make_grlist_item, SUDOERS_DEBUG_NSS);
@@ -381,19 +381,11 @@ PREFIX(make_grlist_item)(const struct passwd *pw, char * const *unused1)
 	debug_return_ptr(NULL);
     }
 
-#ifdef _SC_LOGIN_NAME_MAX
-    groupname_len = sysconf(_SC_LOGIN_NAME_MAX);
-    if (groupname_len < 32)
-	groupname_len = 32;
-#else
-    groupname_len = MAX(LOGIN_NAME_MAX, 32);
-#endif
-
     /* Allocate in one big chunk for easy freeing. */
     nsize = strlen(pw->pw_name) + 1;
     total = sizeof(*grlitem) + nsize;
     total += sizeof(char *) * (size_t)gidlist->ngids;
-    total += (size_t)(groupname_len * gidlist->ngids);
+    total += groupname_len * (size_t)gidlist->ngids;
 
 again:
     if ((grlitem = calloc(1, total)) == NULL) {
@@ -432,7 +424,7 @@ PREFIX(make_grlist_item)(const struct passwd *pw, char * const *unused1)
 	if ((grp = sudo_getgrgid(gidlist->gids[i])) != NULL) {
 	    len = strlen(grp->gr_name) + 1;
 	    if ((size_t)(cp - (char *)grlitem) + len > total) {
-		total += len + (size_t)groupname_len;
+		total += len + groupname_len;
 		free(grlitem);
 		sudo_gr_delref(grp);
 		goto again;