Replace alloca in __tzfile_read by malloc. Fixes bug 15670
This commit is contained in:
parent
3d7dc513b7
commit
45c30c61c9
@ -1,3 +1,8 @@
|
||||
2013-10-19 Ondřej Bílka <neleai@seznam.cz>
|
||||
|
||||
[BZ #15670]
|
||||
* time/tzfile.c (__tzfile_read): Replace alloca with malloc.
|
||||
|
||||
2013-10-18 Carlos O'Donell <carlos@redhat.com>
|
||||
|
||||
* manual/crypt.texi (Cryptographic Functions): Using SunRPC and
|
||||
|
10
NEWS
10
NEWS
@ -11,11 +11,11 @@ Version 2.19
|
||||
|
||||
156, 431, 832, 13028, 13982, 13985, 14155, 14547, 14699, 14910, 15048,
|
||||
15218, 15277, 15308, 15362, 15400, 15427, 15522, 15531, 15532, 15608,
|
||||
15609, 15610, 15632, 15640, 15672, 15680, 15681, 15723, 15734, 15735,
|
||||
15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847, 15849,
|
||||
15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893,
|
||||
15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948, 15963,
|
||||
15966, 15988, 16032, 16034, 16036, 16041.
|
||||
15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681, 15723, 15734,
|
||||
15735, 15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847,
|
||||
15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892,
|
||||
15893, 15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948,
|
||||
15963, 15966, 15988, 16032, 16034, 16036, 16041.
|
||||
|
||||
* CVE-2012-4412 The strcoll implementation caches indices and rules for
|
||||
large collation sequences to optimize multiple passes. This cache
|
||||
|
@ -114,6 +114,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
|
||||
int was_using_tzfile = __use_tzfile;
|
||||
int trans_width = 4;
|
||||
size_t tzspec_len;
|
||||
char *new = NULL;
|
||||
|
||||
if (sizeof (time_t) != 4 && sizeof (time_t) != 8)
|
||||
abort ();
|
||||
@ -145,22 +146,12 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
|
||||
if (*file != '/')
|
||||
{
|
||||
const char *tzdir;
|
||||
unsigned int len, tzdir_len;
|
||||
char *new, *tmp;
|
||||
|
||||
tzdir = getenv ("TZDIR");
|
||||
if (tzdir == NULL || *tzdir == '\0')
|
||||
{
|
||||
tzdir = default_tzdir;
|
||||
tzdir_len = sizeof (default_tzdir) - 1;
|
||||
}
|
||||
else
|
||||
tzdir_len = strlen (tzdir);
|
||||
len = strlen (file) + 1;
|
||||
new = (char *) __alloca (tzdir_len + 1 + len);
|
||||
tmp = __mempcpy (new, tzdir, tzdir_len);
|
||||
*tmp++ = '/';
|
||||
memcpy (tmp, file, len);
|
||||
if (__asprintf (&new, "%s/%s", tzdir, file) == -1)
|
||||
goto ret_free_transitions;
|
||||
file = new;
|
||||
}
|
||||
|
||||
@ -170,11 +161,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
|
||||
&& stat64 (file, &st) == 0
|
||||
&& tzfile_ino == st.st_ino && tzfile_dev == st.st_dev
|
||||
&& tzfile_mtime == st.st_mtime)
|
||||
{
|
||||
/* Nothing to do. */
|
||||
__use_tzfile = 1;
|
||||
return;
|
||||
}
|
||||
goto done; /* Nothing to do. */
|
||||
|
||||
/* Note the file is opened with cancellation in the I/O functions
|
||||
disabled and if available FD_CLOEXEC set. */
|
||||
@ -527,12 +514,15 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
|
||||
__daylight = rule_stdoff != rule_dstoff;
|
||||
__timezone = -rule_stdoff;
|
||||
|
||||
done:
|
||||
__use_tzfile = 1;
|
||||
free (new);
|
||||
return;
|
||||
|
||||
lose:
|
||||
fclose (f);
|
||||
ret_free_transitions:
|
||||
free (new);
|
||||
free ((void *) transitions);
|
||||
transitions = NULL;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user