about summary refs log tree commit diff
diff options
context:
space:
mode:
authorRoland McGrath <roland@hack.frob.com>2012-03-25 11:36:35 -0700
committerRoland McGrath <roland@hack.frob.com>2012-03-25 11:36:35 -0700
commitac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a (patch)
tree533c1564b37b1fe9745867a519e365b3376a5d2b
parent6a9b9c02fa9904ed410ba5a07d61a1119de39b7a (diff)
downloadglibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.tar.gz
glibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.tar.xz
glibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.zip
Fix confstr use of local buffer outside its extent.
-rw-r--r--ChangeLog5
-rw-r--r--posix/confstr.c222
2 files changed, 111 insertions, 116 deletions
diff --git a/ChangeLog b/ChangeLog
index 21ad9ec7c6..8ec88ccedd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-03-25  Roland McGrath  <roland@hack.frob.com>
+
+	* posix/confstr.c (confstr): Lift RESTENVS definition to function scope.
+	Reported by Allan McRae <allan@archlinux.org>.
+
 2012-03-23  Jeff Law  <law@redhat.com>
 
 	* nss/getnssent.c (__nss_getent): Fix typo.
diff --git a/posix/confstr.c b/posix/confstr.c
index 3c9566d1cf..ad8fea9b28 100644
--- a/posix/confstr.c
+++ b/posix/confstr.c
@@ -1,5 +1,4 @@
-/* Copyright (C) 1991,1996,1997,2000-2004,2009,2010 Free
-   Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -34,6 +33,9 @@ confstr (name, buf, len)
 {
   const char *string = "";
   size_t string_len = 1;
+  char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"];
+  char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"];
+  char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"];
 
   switch (name)
     {
@@ -53,59 +55,55 @@ confstr (name, buf, len)
 	 wint_t types are no greater than the width of type long.
 
 	 Currently this means all environment which the system allows.  */
-      {
-	char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"];
-
-	string_len = 0;
+      string_len = 0;
 #ifndef _POSIX_V7_ILP32_OFF32
-	if (__sysconf (_SC_V7_ILP32_OFF32) > 0)
+      if (__sysconf (_SC_V7_ILP32_OFF32) > 0)
 #endif
 #if !defined _POSIX_V7_ILP32_OFF32 || _POSIX_V7_ILP32_OFF32 > 0
-	  {
-	    memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32",
-		    sizeof "POSIX_V7_ILP32_OFF32" - 1);
-	    string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1;
-	  }
+	{
+	  memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32",
+		  sizeof "POSIX_V7_ILP32_OFF32" - 1);
+	  string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1;
+	}
 #endif
 #ifndef _POSIX_V7_ILP32_OFFBIG
-	if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0)
+      if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0)
 #endif
 #if !defined _POSIX_V7_ILP32_OFFBIG || _POSIX_V7_ILP32_OFFBIG > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG",
-		    sizeof "POSIX_V7_ILP32_OFFBIG" - 1);
-	    string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1;
-	  }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG",
+		  sizeof "POSIX_V7_ILP32_OFFBIG" - 1);
+	  string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1;
+	}
 #endif
 #ifndef _POSIX_V7_LP64_OFF64
-	if (__sysconf (_SC_V7_LP64_OFF64) > 0)
+      if (__sysconf (_SC_V7_LP64_OFF64) > 0)
 #endif
 #if !defined _POSIX_V7_LP64_OFF64 || _POSIX_V7_LP64_OFF64 > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64",
-		    sizeof "POSIX_V7_LP64_OFF64" - 1);
-	    string_len += sizeof "POSIX_V7_LP64_OFF64" - 1;
-	  }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64",
+		  sizeof "POSIX_V7_LP64_OFF64" - 1);
+	  string_len += sizeof "POSIX_V7_LP64_OFF64" - 1;
+	}
 #endif
 #ifndef _POSIX_V7_LPBIG_OFFBIG
-	if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0)
+      if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0)
 #endif
 #if !defined _POSIX_V7_LPBIG_OFFBIG || _POSIX_V7_LPBIG_OFFBIG > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG",
-		    sizeof "POSIX_V7_LPBIG_OFFBIG" - 1);
-	    string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1;
-	  }
-#endif
-	restenvs[string_len++] = '\0';
-	string = restenvs;
-      }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG",
+		  sizeof "POSIX_V7_LPBIG_OFFBIG" - 1);
+	  string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1;
+	}
+#endif
+      restenvs[string_len++] = '\0';
+      string = restenvs;
       break;
 
     case _CS_V6_WIDTH_RESTRICTED_ENVS:
@@ -116,59 +114,55 @@ confstr (name, buf, len)
 	 wint_t types are no greater than the width of type long.
 
 	 Currently this means all environment which the system allows.  */
-      {
-	char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"];
-
-	string_len = 0;
+      string_len = 0;
 #ifndef _POSIX_V6_ILP32_OFF32
-	if (__sysconf (_SC_V6_ILP32_OFF32) > 0)
+      if (__sysconf (_SC_V6_ILP32_OFF32) > 0)
 #endif
 #if !defined _POSIX_V6_ILP32_OFF32 || _POSIX_V6_ILP32_OFF32 > 0
-	  {
-	    memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
-		    sizeof "POSIX_V6_ILP32_OFF32" - 1);
-	    string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
-	  }
+	{
+	  memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
+		  sizeof "POSIX_V6_ILP32_OFF32" - 1);
+	  string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
+	}
 #endif
 #ifndef _POSIX_V6_ILP32_OFFBIG
-	if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0)
+      if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0)
 #endif
 #if !defined _POSIX_V6_ILP32_OFFBIG || _POSIX_V6_ILP32_OFFBIG > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
-		    sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
-	    string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
-	  }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
+		  sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
+	  string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
+	}
 #endif
 #ifndef _POSIX_V6_LP64_OFF64
-	if (__sysconf (_SC_V6_LP64_OFF64) > 0)
+      if (__sysconf (_SC_V6_LP64_OFF64) > 0)
 #endif
 #if !defined _POSIX_V6_LP64_OFF64 || _POSIX_V6_LP64_OFF64 > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
-		    sizeof "POSIX_V6_LP64_OFF64" - 1);
-	    string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
-	  }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
+		  sizeof "POSIX_V6_LP64_OFF64" - 1);
+	  string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
+	}
 #endif
 #ifndef _POSIX_V6_LPBIG_OFFBIG
-	if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0)
+      if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0)
 #endif
 #if !defined _POSIX_V6_LPBIG_OFFBIG || _POSIX_V6_LPBIG_OFFBIG > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
-		    sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
-	    string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
-	  }
-#endif
-	restenvs[string_len++] = '\0';
-	string = restenvs;
-      }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
+		  sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
+	  string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
+	}
+#endif
+      restenvs[string_len++] = '\0';
+      string = restenvs;
       break;
 
     case _CS_V5_WIDTH_RESTRICTED_ENVS:
@@ -179,59 +173,55 @@ confstr (name, buf, len)
 	 wint_t types are no greater than the width of type long.
 
 	 Currently this means all environment which the system allows.  */
-      {
-	char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"];
-
-	string_len = 0;
+      string_len = 0;
 #ifndef _XBS5_ILP32_OFF32
-	if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0)
+      if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0)
 #endif
 #if !defined _XBS5_ILP32_OFF32 || _XBS5_ILP32_OFF32 > 0
-	  {
-	    memcpy (restenvs + string_len, "XBS5_ILP32_OFF32",
-		    sizeof "XBS5_ILP32_OFF32" - 1);
-	    string_len += sizeof "XBS5_ILP32_OFF32" - 1;
-	  }
+	{
+	  memcpy (restenvs + string_len, "XBS5_ILP32_OFF32",
+		  sizeof "XBS5_ILP32_OFF32" - 1);
+	  string_len += sizeof "XBS5_ILP32_OFF32" - 1;
+	}
 #endif
 #ifndef _XBS5_ILP32_OFFBIG
-	if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0)
+      if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0)
 #endif
 #if !defined _XBS5_ILP32_OFFBIG || _XBS5_ILP32_OFFBIG > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG",
-		    sizeof "XBS5_ILP32_OFFBIG" - 1);
-	    string_len += sizeof "XBS5_ILP32_OFFBIG" - 1;
-	  }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG",
+		  sizeof "XBS5_ILP32_OFFBIG" - 1);
+	  string_len += sizeof "XBS5_ILP32_OFFBIG" - 1;
+	}
 #endif
 #ifndef _XBS5_LP64_OFF64
-	if (__sysconf (_SC_XBS5_LP64_OFF64) > 0)
+      if (__sysconf (_SC_XBS5_LP64_OFF64) > 0)
 #endif
 #if !defined _XBS5_LP64_OFF64 || _XBS5_LP64_OFF64 > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "XBS5_LP64_OFF64",
-		    sizeof "XBS5_LP64_OFF64" - 1);
-	    string_len += sizeof "XBS5_LP64_OFF64" - 1;
-	  }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "XBS5_LP64_OFF64",
+		  sizeof "XBS5_LP64_OFF64" - 1);
+	  string_len += sizeof "XBS5_LP64_OFF64" - 1;
+	}
 #endif
 #ifndef _XBS5_LPBIG_OFFBIG
-	if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0)
+      if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0)
 #endif
 #if !defined _XBS5_LPBIG_OFFBIG || _XBS5_LPBIG_OFFBIG > 0
-	  {
-	    if (string_len)
-	      restenvs[string_len++] = '\n';
-	    memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG",
-		    sizeof "XBS5_LPBIG_OFFBIG" - 1);
-	    string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1;
-	  }
-#endif
-	restenvs[string_len++] = '\0';
-	string = restenvs;
-      }
+	{
+	  if (string_len)
+	    restenvs[string_len++] = '\n';
+	  memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG",
+		  sizeof "XBS5_LPBIG_OFFBIG" - 1);
+	  string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1;
+	}
+#endif
+      restenvs[string_len++] = '\0';
+      string = restenvs;
       break;
 
     case _CS_XBS5_ILP32_OFF32_CFLAGS: