about summary refs log tree commit diff
diff options
context:
space:
mode:
authorOndřej Bílka <neleai@seznam.cz>2013-10-20 08:25:25 +0200
committerOndřej Bílka <neleai@seznam.cz>2013-10-20 08:26:05 +0200
commit45c30c61c9001867c1891f5862764f084e53f348 (patch)
treec0455f7bbf57ef230ce6dad3c448bb8ae55bed9b
parent3d7dc513b782407bd397b13771a631d9080d3aac (diff)
downloadglibc-45c30c61c9001867c1891f5862764f084e53f348.tar.gz
glibc-45c30c61c9001867c1891f5862764f084e53f348.tar.xz
glibc-45c30c61c9001867c1891f5862764f084e53f348.zip
Replace alloca in __tzfile_read by malloc. Fixes bug 15670
-rw-r--r--ChangeLog5
-rw-r--r--NEWS10
-rw-r--r--time/tzfile.c26
3 files changed, 18 insertions, 23 deletions
diff --git a/ChangeLog b/ChangeLog
index d2de84ab22..1f2d833885 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-10-19  Ondřej Bílka  <neleai@seznam.cz>
+
+	[BZ #15670]
+	* time/tzfile.c (__tzfile_read): Replace alloca with malloc.
+
 2013-10-18  Carlos O'Donell  <carlos@redhat.com>
 
 	* manual/crypt.texi (Cryptographic Functions): Using SunRPC and
diff --git a/NEWS b/NEWS
index 9e32ba5e2e..93f884db7b 100644
--- a/NEWS
+++ b/NEWS
@@ -11,11 +11,11 @@ Version 2.19
 
   156, 431, 832, 13028, 13982, 13985, 14155, 14547, 14699, 14910, 15048,
   15218, 15277, 15308, 15362, 15400, 15427, 15522, 15531, 15532, 15608,
-  15609, 15610, 15632, 15640, 15672, 15680, 15681, 15723, 15734, 15735,
-  15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847, 15849,
-  15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893,
-  15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948, 15963,
-  15966, 15988, 16032, 16034, 16036, 16041.
+  15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681, 15723, 15734,
+  15735, 15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847,
+  15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892,
+  15893, 15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948,
+  15963, 15966, 15988, 16032, 16034, 16036, 16041.
 
 * CVE-2012-4412 The strcoll implementation caches indices and rules for
   large collation sequences to optimize multiple passes.  This cache
diff --git a/time/tzfile.c b/time/tzfile.c
index 9dd5130757..3ea3051f4c 100644
--- a/time/tzfile.c
+++ b/time/tzfile.c
@@ -114,6 +114,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   int was_using_tzfile = __use_tzfile;
   int trans_width = 4;
   size_t tzspec_len;
+  char *new = NULL;
 
   if (sizeof (time_t) != 4 && sizeof (time_t) != 8)
     abort ();
@@ -145,22 +146,12 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   if (*file != '/')
     {
       const char *tzdir;
-      unsigned int len, tzdir_len;
-      char *new, *tmp;
 
       tzdir = getenv ("TZDIR");
       if (tzdir == NULL || *tzdir == '\0')
-	{
-	  tzdir = default_tzdir;
-	  tzdir_len = sizeof (default_tzdir) - 1;
-	}
-      else
-	tzdir_len = strlen (tzdir);
-      len = strlen (file) + 1;
-      new = (char *) __alloca (tzdir_len + 1 + len);
-      tmp = __mempcpy (new, tzdir, tzdir_len);
-      *tmp++ = '/';
-      memcpy (tmp, file, len);
+	tzdir = default_tzdir;
+      if (__asprintf (&new, "%s/%s", tzdir, file) == -1)
+	goto ret_free_transitions;
       file = new;
     }
 
@@ -170,11 +161,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
       && stat64 (file, &st) == 0
       && tzfile_ino == st.st_ino && tzfile_dev == st.st_dev
       && tzfile_mtime == st.st_mtime)
-    {
-      /* Nothing to do.  */
-      __use_tzfile = 1;
-      return;
-    }
+    goto done;  /* Nothing to do.  */
 
   /* Note the file is opened with cancellation in the I/O functions
      disabled and if available FD_CLOEXEC set.  */
@@ -527,12 +514,15 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   __daylight = rule_stdoff != rule_dstoff;
   __timezone = -rule_stdoff;
 
+ done:
   __use_tzfile = 1;
+  free (new);
   return;
 
  lose:
   fclose (f);
  ret_free_transitions:
+  free (new);
   free ((void *) transitions);
   transitions = NULL;
 }