From 42261ad731991df345880b0b509d83b0b9a9b9d8 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 24 Apr 2015 17:34:47 +0200
Subject: Make time zone file parser more robust [BZ #17715]

---
 ChangeLog | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index f515a2a43e..dbafd866f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,30 @@
+2015-04-24  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #17715]
+	* time/tzfile.c (__tzfile_read): Check for large values of
+	tzh_ttisstdcnt and tzh_ttisgmtcnt.  Use malloc instead of alloca.
+	* time/tzset.c (__tzstring_len): New function, based on the old
+	__tzstring function.
+	(__tzstring): Call __tzstring_len.
+	(parse_tzname): New helper function extracted from
+	__tzset_parse_tz.  Call __tzstring_len, without making a copy of
+	the input string.
+	(parse_offset): New helper function extracted from
+	__tzset_parse_tz.  Replace switch with fallthrough with
+	initialization before sscanf.
+	(parse_rule): Likewise.
+	(__tzset_parse_tz): Rewrite using the new helper functions.  Use
+	new-style function definition.
+	* timezone/Makefile (tests): Add tst-tzset.
+	(tst-tzset.out): Dependencies on time zone files.
+	(tst-tzset-ENV): Set TZDIR.
+	(testdata/XT%): Copy crafted time zone files.
+	* timezone/README: Mention crafted time zone files.
+	* timezone/testdata/XT1, timezone/testdata/XT2,
+	timezone/testdata/XT3, timezone/testdata/XT4: New time zone test
+	files.
+	* timezone/tst-tzset.c: New test.
+
 2015-04-24  Florian Weimer  <fweimer@redhat.com>
 
 	* Makeconfig (+gccwarn): Remove -Winline.
-- 
cgit 1.4.1