diff options
| author | Arjun Shankar <arjun@redhat.com> | 2023-06-06 19:20:31 +0200 |
|---|---|---|
| committer | Arjun Shankar <arjun@redhat.com> | 2023-06-06 21:14:46 +0200 |
| commit | 85e6d8b4175fcb195011a0a1bad37d6f3b2355db (patch) | |
| tree | 89dc327b8ac6be8557b931c9614cef53f33757c0 | |
| parent | 200ae471b65354eed6f1bc7658f898f2f380951a (diff) | |
| download | glibc-85e6d8b4175fcb195011a0a1bad37d6f3b2355db.tar.gz glibc-85e6d8b4175fcb195011a0a1bad37d6f3b2355db.tar.xz glibc-85e6d8b4175fcb195011a0a1bad37d6f3b2355db.zip | |
time: Fix use-after-free in getdate
getdate would free the buffer pointed to by the result of its call to strptime, then reference the same buffer later on -- leading to a use-after-free. This commit fixes that. Reported-by: Martin Coufal <mcoufal@redhat.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
| -rw-r--r-- | time/getdate.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/time/getdate.c b/time/getdate.c index 1dcbd77188..ca058394a3 100644 --- a/time/getdate.c +++ b/time/getdate.c @@ -114,6 +114,7 @@ __getdate_r (const char *string, struct tm *tp) struct tm tm; struct __stat64_t64 st; bool mday_ok = false; + bool found = false; datemsk = getenv ("DATEMSK"); if (datemsk == NULL || *datemsk == '\0') @@ -181,7 +182,7 @@ __getdate_r (const char *string, struct tm *tp) tp->tm_gmtoff = 0; tp->tm_zone = NULL; result = strptime (string, line, tp); - if (result && *result == '\0') + if ((found = (result && *result == '\0'))) break; } while (!__feof_unlocked (fp)); @@ -201,7 +202,7 @@ __getdate_r (const char *string, struct tm *tp) /* Close template file. */ fclose (fp); - if (result == NULL || *result != '\0') + if (!found) return 7; /* Get current time. */ |