diff options
| author | Ondřej Bílka <neleai@seznam.cz> | 2013-10-20 08:25:25 +0200 |
|---|---|---|
| committer | Ondřej Bílka <neleai@seznam.cz> | 2013-10-20 08:26:05 +0200 |
| commit | 45c30c61c9001867c1891f5862764f084e53f348 (patch) | |
| tree | c0455f7bbf57ef230ce6dad3c448bb8ae55bed9b | |
| parent | 3d7dc513b782407bd397b13771a631d9080d3aac (diff) | |
| download | glibc-45c30c61c9001867c1891f5862764f084e53f348.tar.gz | |
Replace alloca in __tzfile_read by malloc. Fixes bug 15670
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | NEWS | 10 | ||||
| -rw-r--r-- | time/tzfile.c | 26 |
3 files changed, 18 insertions, 23 deletions
@@ -1,3 +1,8 @@ +2013-10-19 Ondřej Bílka <neleai@seznam.cz> + + [BZ #15670] + * time/tzfile.c (__tzfile_read): Replace alloca with malloc. + 2013-10-18 Carlos O'Donell <carlos@redhat.com> * manual/crypt.texi (Cryptographic Functions): Using SunRPC and @@ -11,11 +11,11 @@ Version 2.19 156, 431, 832, 13028, 13982, 13985, 14155, 14547, 14699, 14910, 15048, 15218, 15277, 15308, 15362, 15400, 15427, 15522, 15531, 15532, 15608, - 15609, 15610, 15632, 15640, 15672, 15680, 15681, 15723, 15734, 15735, - 15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847, 15849, - 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893, - 15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948, 15963, - 15966, 15988, 16032, 16034, 16036, 16041. + 15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681, 15723, 15734, + 15735, 15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847, + 15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, + 15893, 15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948, + 15963, 15966, 15988, 16032, 16034, 16036, 16041. * CVE-2012-4412 The strcoll implementation caches indices and rules for large collation sequences to optimize multiple passes. This cache diff --git a/time/tzfile.c b/time/tzfile.c index 9dd5130757..3ea3051f4c 100644 --- a/time/tzfile.c +++ b/time/tzfile.c @@ -114,6 +114,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap) int was_using_tzfile = __use_tzfile; int trans_width = 4; size_t tzspec_len; + char *new = NULL; if (sizeof (time_t) != 4 && sizeof (time_t) != 8) abort (); @@ -145,22 +146,12 @@ __tzfile_read (const char *file, size_t extra, char **extrap) if (*file != '/') { const char *tzdir; - unsigned int len, tzdir_len; - char *new, *tmp; tzdir = getenv ("TZDIR"); if (tzdir == NULL || *tzdir == '\0') - { - tzdir = default_tzdir; - tzdir_len = sizeof (default_tzdir) - 1; - } - else - tzdir_len = strlen (tzdir); - len = strlen (file) + 1; - new = (char *) __alloca (tzdir_len + 1 + len); - tmp = __mempcpy (new, tzdir, tzdir_len); - *tmp++ = '/'; - memcpy (tmp, file, len); + tzdir = default_tzdir; + if (__asprintf (&new, "%s/%s", tzdir, file) == -1) + goto ret_free_transitions; file = new; } @@ -170,11 +161,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap) && stat64 (file, &st) == 0 && tzfile_ino == st.st_ino && tzfile_dev == st.st_dev && tzfile_mtime == st.st_mtime) - { - /* Nothing to do. */ - __use_tzfile = 1; - return; - } + goto done; /* Nothing to do. */ /* Note the file is opened with cancellation in the I/O functions disabled and if available FD_CLOEXEC set. */ @@ -527,12 +514,15 @@ __tzfile_read (const char *file, size_t extra, char **extrap) __daylight = rule_stdoff != rule_dstoff; __timezone = -rule_stdoff; + done: __use_tzfile = 1; + free (new); return; lose: fclose (f); ret_free_transitions: + free (new); free ((void *) transitions); transitions = NULL; } |