This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH][BZ #15670] Bound alloca in __tzfile_read.

From: OndÅej BÃlka <neleai at seznam dot cz>
To: jsm28 at gcc dot gnu dot org
Cc: libc-alpha at sourceware dot org
Date: Mon, 14 Oct 2013 15:15:22 +0200
Subject: [PATCH][BZ #15670] Bound alloca in __tzfile_read.
Authentication-results: sourceware.org; auth=none

This is one of bugs that take longer to read than to fix. There is a
unbound alloca and obvious limit is PATH_MAX.

OK to commit?

	* time/tzfile.c (__tzfile_read): Bound memory allocated by PATH_MAX.

diff --git a/misc/error.c b/misc/error.c
index c8e62cf..a34cbbf 100644
--- a/misc/error.c
+++ b/misc/error.c
@@ -41,6 +41,11 @@
 # define _(String) String
 #endif
 
+#ifndef PATH_MAX
+# define PATH_MAX 1024
+#endif
+
+
 /* If NULL, error will flush stdout, then print on stderr the program
    name, a colon and a space.  Otherwise, error will call this
    function without parameters instead.  */
diff --git a/time/tzfile.c b/time/tzfile.c
index 9dd5130..b38ec1f 100644
--- a/time/tzfile.c
+++ b/time/tzfile.c
@@ -157,6 +157,8 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
       else
 	tzdir_len = strlen (tzdir);
       len = strlen (file) + 1;
+      if (tzdir_len + len > PATH_MAX)
+	goto ret_free_transitions;
       new = (char *) __alloca (tzdir_len + 1 + len);
       tmp = __mempcpy (new, tzdir, tzdir_len);
       *tmp++ = '/';

Follow-Ups:
- Re: [PATCH][BZ #15670] Bound alloca in __tzfile_read.
  - From: Joseph S. Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]