This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH v3] tzset robustness [BZ#17715]
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 16 Feb 2015 12:11:27 -0800
- References: <54E24689 dot 4010108 at redhat dot com>
Florian Weimer wrote:
+ /* POSIX time zone specifiers are much shorter than 256 characters. */
+ char tzbuf;
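Review bot: the comment on the tzbuf declaration states a length assumption ("much shorter than 256 characters") without saying what the code does when TZ is longer than that. As quoted, `char tzbuf;` also carries no array bound, so the 256 in the comment is not tied to the declaration. Suggest naming the limit in one constant used for both the declaration and the length check, and documenting the over-length behaviour in the comment.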
This part (and the other parts that assume at most 256 for TZ length) do not
look correct to me. The only limit that POSIX places on TZ length is ARG_MAX
bytes (which must be at least 4096 bytes), so the following shell command
conforms to POSIX as far as I can see:
Mon Feb 16 11:47:31 PST 2015
This shell command works in current glibc, as well as on Solaris.
POSIX does allow the implementation to impose a limit of TZNAME_MAX bytes on a
time zone abbreviation like "PST". If the intent is to start imposing a limit
such as 255 in glibc to avoid denial-of-service issues, any such limit should be
done consistently and correctly, e.g., sysconf (TZNAME_MAX) should return 255.
For what it's worth, the public-domain tz code limits itself to at most 255
bytes in a time zone abbreviation taken from the TZ environment variable, and to
at most 50 bytes in a time zone abbreviation stored in a tz binary file.
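
Added example (not part of the original message, and not glibc or tz code): a C sketch of the distinction drawn above between the length of TZ as a whole and the length of the time zone abbreviation at its start. The function names are hypothetical, the TZ strings in main are constructed, and the 255 passed as the limit is the figure discussed in the message, not a value any implementation is asserted to return.

```c
#include <ctype.h>
#include <stdio.h>
#include <unistd.h>

/* Length in bytes of the std abbreviation at the start of a POSIX-style TZ
   value, or -1 if the value does not start with one (for example the
   implementation-defined ":..." form).  Nothing after the abbreviation is
   examined, so the total length of TZ plays no part in the result. */
long tz_std_abbrev_len(const char *tz)
{
    long n = 0;
    if (tz == NULL || *tz == ':')
        return -1;
    if (*tz == '<') {
        /* Quoted form: alphanumerics, '+' and '-' between '<' and '>'. */
        for (tz++; isalnum((unsigned char)*tz) || *tz == '+' || *tz == '-'; tz++)
            n++;
        if (*tz != '>')
            return -1;
    } else {
        /* Unquoted form: alphabetic characters only. */
        for (; isalpha((unsigned char)*tz); tz++)
            n++;
    }
    return n >= 3 ? n : -1;   /* POSIX requires at least three bytes */
}

/* Limit reported by the running system; falls back to 6, the value of
   _POSIX_TZNAME_MAX, when sysconf gives no definite answer. */
long tzname_limit(void)
{
    long v = sysconf(_SC_TZNAME_MAX);
    return v > 0 ? v : 6;
}

/* 1 if the std abbreviation is well formed and within limit, else 0. */
int tz_abbrev_ok(const char *tz, long limit)
{
    long n = tz_std_abbrev_len(tz);
    return n >= 3 && n <= limit;
}

int main(void)
{
    /* Constructed sample values. */
    printf("sysconf-based limit: %ld\n", tzname_limit());
    printf("PST8PDT ok at 255: %d\n", tz_abbrev_ok("PST8PDT,M3.2.0,M11.1.0", 255));
    printf("<UTC+3>-3 length: %ld\n", tz_std_abbrev_len("<UTC+3>-3"));
    return 0;
}
```

A limit applied this way rejects only an over-long abbreviation; a TZ value longer than 256 bytes whose abbreviation is short still passes.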