This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] tzset robustness [BZ#17715]

On Wed, 14 Jan 2015, Florian Weimer wrote:

> @@ -434,6 +437,10 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
>  	goto lose;
>        tzspec_len = st.st_size - off - 1;
> +      if (tzspec_len >= 256)
> +	/* POSIX time zone specifiers are much shorter than 256
> +	   characters.  */
> +	goto lose;
>        char *tzstr = alloca (tzspec_len);
>        if (getc_unlocked (f) != '\n'
>  	  || (__fread_unlocked (tzstr, 1, tzspec_len - 1, f)

Is it possible to have tzspec_len == 0 here?  The code doesn't look safe 
if tzspec_len is 0 - it would pass (size_t)-1 to __fread_unlocked.

This code is for the case where time_t is 4-byte (and so size_t is 
4-byte).  tzspec_len is of type size_t.  st.st_size is of type off64_t (st 
is struct stat64), so 8-byte.  If st.st_size < off + 2 we didn't get here, 
but if st.st_size is off + 4GB + 1 it seems to me you could then get 
tzspec_len being 0.  (This file is opened with fopen not fopen64 so the 
open should fail if it's a large file at fopen time, but one might suppose 
it only becomes a large file between the fopen call and the fstat64 call.)

Joseph S. Myers

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]