This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] tzset robustness [BZ#17715]
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Thu, 15 Jan 2015 20:25:34 +0000
- Subject: Re: [PATCH] tzset robustness [BZ#17715]
- Authentication-results: sourceware.org; auth=none
- References: <54B6E99E dot 4030109 at redhat dot com>
On Wed, 14 Jan 2015, Florian Weimer wrote:
> @@ -434,6 +437,10 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
> goto lose;
>
> tzspec_len = st.st_size - off - 1;
> + if (tzspec_len >= 256)
> + /* POSIX time zone specifiers are much shorter than 256
> + characters. */
> + goto lose;
> char *tzstr = alloca (tzspec_len);
> if (getc_unlocked (f) != '\n'
> || (__fread_unlocked (tzstr, 1, tzspec_len - 1, f)
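Review bot: the new `if (tzspec_len >= 256)` test bounds the length only from above, and the empty case is not rejected: `tzspec_len` is computed as `st.st_size - off - 1`, so a zero value passes the check, `alloca (tzspec_len)` returns a zero-byte buffer, and `__fread_unlocked (tzstr, 1, tzspec_len - 1, f)` is then called with a size_t count that has wrapped to (size_t)-1. Suggest rejecting the empty case in the same test, e.g. `if (tzspec_len == 0 || tzspec_len >= 256)`, or performing the range check on the wider st.st_size arithmetic before assigning it to the size_t variable.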
Is it possible to have tzspec_len == 0 here? The code doesn't look safe
if tzspec_len is 0 - it would pass (size_t)-1 to __fread_unlocked.
This code is for the case where time_t is 4-byte (and so size_t is
4-byte). tzspec_len is of type size_t. st.st_size is of type off64_t (st
is struct stat64), so 8-byte. If st.st_size < off + 2 we didn't get here,
but if st.st_size is off + 4GB + 1 it seems to me you could then get
tzspec_len being 0. (This file is opened with fopen not fopen64 so the
open should fail if it's a large file at fopen time, but one might suppose
it only becomes a large file between the fopen call and the fstat64 call.)
--
Joseph S. Myers
joseph@codesourcery.com
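A worked C illustration of the narrowing Joseph describes, added here and not part of the thread or of glibc: the 64-bit `st_size - off - 1` value narrowed into a 32-bit size_t, beside a check that rejects the empty case before narrowing. The `off64_stub_t`/`size32_t` typedefs, the function names and the sample sizes are constructed for the example; the 256 limit is the patch's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the configuration in the reply: a 64-bit st_size (off64_t)
   and a 32-bit size_t. Both are constructed here so the narrowing happens
   regardless of the host's real size_t. */
typedef int64_t off64_stub_t;
typedef uint32_t size32_t;

/* The length as the patched hunk computes it: 64-bit subtraction, then
   narrowed into the 32-bit size_t variable. The patch's ">= 256" test runs
   on this already-narrowed value, so it cannot see the wrap. */
static size32_t tzspec_len_as_patched(off64_stub_t st_size, off64_stub_t off)
{
    return (size32_t)(st_size - off - 1);
}

/* The byte count the hunk then passes to __fread_unlocked, tzspec_len - 1,
   computed in size_t: a zero length wraps to 0xffffffff, i.e. (size_t)-1. */
static size32_t fread_count_as_patched(size32_t tzspec_len)
{
    return tzspec_len - 1;
}

/* Hardened form (added here, not the glibc patch): keep the value 64-bit
   for the range checks, reject an empty specifier as well as an oversized
   one, and only then narrow. Returns the safe length, or -1 for "lose". */
static int tzspec_len_checked(off64_stub_t st_size, off64_stub_t off)
{
    if (st_size < off + 2)          /* the earlier "goto lose" in the caller */
        return -1;
    off64_stub_t len = st_size - off - 1;
    if (len < 1 || len >= 256)      /* empty, or at/over the 256 bound */
        return -1;
    return (int)len;
}

int main(void)
{
    /* Constructed sizes: the file grew to off + 4 GiB + 1 bytes after fopen. */
    off64_stub_t off = 100;
    off64_stub_t big = off + ((off64_stub_t)1 << 32) + 1;
    size32_t len = tzspec_len_as_patched(big, off);
    printf("patched: tzspec_len=%u, fread count=%#x\n",
           (unsigned)len, (unsigned)fread_count_as_patched(len));
    printf("checked: %d (negative means lose)\n", tzspec_len_checked(big, off));
    return 0;
}
```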