This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH][BZ #15670] Bound alloca in __tzfile_read.
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: jsm28 at gcc dot gnu dot org
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 14 Oct 2013 15:15:22 +0200
- Subject: [PATCH][BZ #15670] Bound alloca in __tzfile_read.
- Authentication-results: sourceware.org; auth=none
This is one of bugs that take longer to read than to fix. There is a
unbound alloca and obvious limit is PATH_MAX.
OK to commit?
* time/tzfile.c (__tzfile_read): Bound memory allocated by PATH_MAX.
diff --git a/misc/error.c b/misc/error.c
index c8e62cf..a34cbbf 100644
--- a/misc/error.c
+++ b/misc/error.c
@@ -41,6 +41,11 @@
# define _(String) String
#endif
+#ifndef PATH_MAX
+# define PATH_MAX 1024
+#endif
+
+
/* If NULL, error will flush stdout, then print on stderr the program
name, a colon and a space. Otherwise, error will call this
function without parameters instead. */
diff --git a/time/tzfile.c b/time/tzfile.c
index 9dd5130..b38ec1f 100644
--- a/time/tzfile.c
+++ b/time/tzfile.c
@@ -157,6 +157,8 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
else
tzdir_len = strlen (tzdir);
len = strlen (file) + 1;
+ if (tzdir_len + len > PATH_MAX)
+ goto ret_free_transitions;
new = (char *) __alloca (tzdir_len + 1 + len);
tmp = __mempcpy (new, tzdir, tzdir_len);
*tmp++ = '/';