This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
On Jun 06 2018, Carlos O'Donell <carlos@redhat.com> wrote:
> On 06/06/2018 12:30 PM, Andreas Schwab wrote:
>> On Jun 06 2018, Carlos O'Donell <carlos@redhat.com> wrote:
>>
>>> + /* Find longest valid input sequence. */
>>> + ilen = 0;
>>> + while ((input[ilen] >= 'A' && input[ilen] <= 'Z')
>>> + || (input[ilen] >= 'a' && input[ilen] <= 'z')
>>> + || (input[ilen] >= '0' && input[ilen] <= '9')
>>> + || (input[ilen] == '_'))
>>> + ++ilen;
>>> +
>>> + rlen = strlen (ref);
>>> +
>>> + /* Can't be the DST we are looking for. */
>>> + if (rlen != ilen)
>>> + return 0;
>>
>> Why do you need that? Just compare, then check the next character.
>
> Are you suggesting that:
> ~~~
> rlen = strlen (ref);
>
> /* Can't be the DST we are looking for. */
> if (rlen != ilen)
> return 0;
> ~~~
> Can be dropped because we are going to compare the strings anyway?
Drop the whole part. When you have compared the string you know that it
is valid so far, so what's the value of validating it twice?
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
- References:
- [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).