diff options
author | Roland McGrath <roland@hack.frob.com> | 2012-03-25 11:36:35 -0700 |
---|---|---|
committer | Roland McGrath <roland@hack.frob.com> | 2012-03-25 11:36:35 -0700 |
commit | ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a (patch) | |
tree | 533c1564b37b1fe9745867a519e365b3376a5d2b | |
parent | 6a9b9c02fa9904ed410ba5a07d61a1119de39b7a (diff) | |
download | glibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.tar.gz glibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.tar.xz glibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.zip |
Fix confstr use of local buffer outside its extent.
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | posix/confstr.c | 222 |
2 files changed, 111 insertions, 116 deletions
diff --git a/ChangeLog b/ChangeLog index 21ad9ec7c6..8ec88ccedd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2012-03-25 Roland McGrath <roland@hack.frob.com> + + * posix/confstr.c (confstr): Lift RESTENVS definition to function scope. + Reported by Allan McRae <allan@archlinux.org>. + 2012-03-23 Jeff Law <law@redhat.com> * nss/getnssent.c (__nss_getent): Fix typo. diff --git a/posix/confstr.c b/posix/confstr.c index 3c9566d1cf..ad8fea9b28 100644 --- a/posix/confstr.c +++ b/posix/confstr.c @@ -1,5 +1,4 @@ -/* Copyright (C) 1991,1996,1997,2000-2004,2009,2010 Free - Software Foundation, Inc. +/* Copyright (C) 1991-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -34,6 +33,9 @@ confstr (name, buf, len) { const char *string = ""; size_t string_len = 1; + char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"]; + char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"]; + char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"]; switch (name) { @@ -53,59 +55,55 @@ confstr (name, buf, len) wint_t types are no greater than the width of type long. Currently this means all environment which the system allows. */ - { - char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"]; - - string_len = 0; + string_len = 0; #ifndef _POSIX_V7_ILP32_OFF32 - if (__sysconf (_SC_V7_ILP32_OFF32) > 0) + if (__sysconf (_SC_V7_ILP32_OFF32) > 0) #endif #if !defined _POSIX_V7_ILP32_OFF32 || _POSIX_V7_ILP32_OFF32 > 0 - { - memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32", - sizeof "POSIX_V7_ILP32_OFF32" - 1); - string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1; - } + { + memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32", + sizeof "POSIX_V7_ILP32_OFF32" - 1); + string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1; + } #endif #ifndef _POSIX_V7_ILP32_OFFBIG - if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0) + if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0) #endif #if !defined _POSIX_V7_ILP32_OFFBIG || _POSIX_V7_ILP32_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG", - sizeof "POSIX_V7_ILP32_OFFBIG" - 1); - string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG", + sizeof "POSIX_V7_ILP32_OFFBIG" - 1); + string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1; + } #endif #ifndef _POSIX_V7_LP64_OFF64 - if (__sysconf (_SC_V7_LP64_OFF64) > 0) + if (__sysconf (_SC_V7_LP64_OFF64) > 0) #endif #if !defined _POSIX_V7_LP64_OFF64 || _POSIX_V7_LP64_OFF64 > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64", - sizeof "POSIX_V7_LP64_OFF64" - 1); - string_len += sizeof "POSIX_V7_LP64_OFF64" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64", + sizeof "POSIX_V7_LP64_OFF64" - 1); + string_len += sizeof "POSIX_V7_LP64_OFF64" - 1; + } #endif #ifndef _POSIX_V7_LPBIG_OFFBIG - if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0) + if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0) #endif #if !defined _POSIX_V7_LPBIG_OFFBIG || _POSIX_V7_LPBIG_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG", - sizeof "POSIX_V7_LPBIG_OFFBIG" - 1); - string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1; - } -#endif - restenvs[string_len++] = '\0'; - string = restenvs; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG", + sizeof "POSIX_V7_LPBIG_OFFBIG" - 1); + string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1; + } +#endif + restenvs[string_len++] = '\0'; + string = restenvs; break; case _CS_V6_WIDTH_RESTRICTED_ENVS: @@ -116,59 +114,55 @@ confstr (name, buf, len) wint_t types are no greater than the width of type long. Currently this means all environment which the system allows. */ - { - char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"]; - - string_len = 0; + string_len = 0; #ifndef _POSIX_V6_ILP32_OFF32 - if (__sysconf (_SC_V6_ILP32_OFF32) > 0) + if (__sysconf (_SC_V6_ILP32_OFF32) > 0) #endif #if !defined _POSIX_V6_ILP32_OFF32 || _POSIX_V6_ILP32_OFF32 > 0 - { - memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32", - sizeof "POSIX_V6_ILP32_OFF32" - 1); - string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1; - } + { + memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32", + sizeof "POSIX_V6_ILP32_OFF32" - 1); + string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1; + } #endif #ifndef _POSIX_V6_ILP32_OFFBIG - if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0) + if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0) #endif #if !defined _POSIX_V6_ILP32_OFFBIG || _POSIX_V6_ILP32_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG", - sizeof "POSIX_V6_ILP32_OFFBIG" - 1); - string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG", + sizeof "POSIX_V6_ILP32_OFFBIG" - 1); + string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1; + } #endif #ifndef _POSIX_V6_LP64_OFF64 - if (__sysconf (_SC_V6_LP64_OFF64) > 0) + if (__sysconf (_SC_V6_LP64_OFF64) > 0) #endif #if !defined _POSIX_V6_LP64_OFF64 || _POSIX_V6_LP64_OFF64 > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64", - sizeof "POSIX_V6_LP64_OFF64" - 1); - string_len += sizeof "POSIX_V6_LP64_OFF64" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64", + sizeof "POSIX_V6_LP64_OFF64" - 1); + string_len += sizeof "POSIX_V6_LP64_OFF64" - 1; + } #endif #ifndef _POSIX_V6_LPBIG_OFFBIG - if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0) + if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0) #endif #if !defined _POSIX_V6_LPBIG_OFFBIG || _POSIX_V6_LPBIG_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG", - sizeof "POSIX_V6_LPBIG_OFFBIG" - 1); - string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1; - } -#endif - restenvs[string_len++] = '\0'; - string = restenvs; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG", + sizeof "POSIX_V6_LPBIG_OFFBIG" - 1); + string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1; + } +#endif + restenvs[string_len++] = '\0'; + string = restenvs; break; case _CS_V5_WIDTH_RESTRICTED_ENVS: @@ -179,59 +173,55 @@ confstr (name, buf, len) wint_t types are no greater than the width of type long. Currently this means all environment which the system allows. */ - { - char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"]; - - string_len = 0; + string_len = 0; #ifndef _XBS5_ILP32_OFF32 - if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0) + if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0) #endif #if !defined _XBS5_ILP32_OFF32 || _XBS5_ILP32_OFF32 > 0 - { - memcpy (restenvs + string_len, "XBS5_ILP32_OFF32", - sizeof "XBS5_ILP32_OFF32" - 1); - string_len += sizeof "XBS5_ILP32_OFF32" - 1; - } + { + memcpy (restenvs + string_len, "XBS5_ILP32_OFF32", + sizeof "XBS5_ILP32_OFF32" - 1); + string_len += sizeof "XBS5_ILP32_OFF32" - 1; + } #endif #ifndef _XBS5_ILP32_OFFBIG - if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0) + if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0) #endif #if !defined _XBS5_ILP32_OFFBIG || _XBS5_ILP32_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG", - sizeof "XBS5_ILP32_OFFBIG" - 1); - string_len += sizeof "XBS5_ILP32_OFFBIG" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG", + sizeof "XBS5_ILP32_OFFBIG" - 1); + string_len += sizeof "XBS5_ILP32_OFFBIG" - 1; + } #endif #ifndef _XBS5_LP64_OFF64 - if (__sysconf (_SC_XBS5_LP64_OFF64) > 0) + if (__sysconf (_SC_XBS5_LP64_OFF64) > 0) #endif #if !defined _XBS5_LP64_OFF64 || _XBS5_LP64_OFF64 > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "XBS5_LP64_OFF64", - sizeof "XBS5_LP64_OFF64" - 1); - string_len += sizeof "XBS5_LP64_OFF64" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "XBS5_LP64_OFF64", + sizeof "XBS5_LP64_OFF64" - 1); + string_len += sizeof "XBS5_LP64_OFF64" - 1; + } #endif #ifndef _XBS5_LPBIG_OFFBIG - if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0) + if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0) #endif #if !defined _XBS5_LPBIG_OFFBIG || _XBS5_LPBIG_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG", - sizeof "XBS5_LPBIG_OFFBIG" - 1); - string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1; - } -#endif - restenvs[string_len++] = '\0'; - string = restenvs; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG", + sizeof "XBS5_LPBIG_OFFBIG" - 1); + string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1; + } +#endif + restenvs[string_len++] = '\0'; + string = restenvs; break; case _CS_XBS5_ILP32_OFF32_CFLAGS: |