mirror of
git://sourceware.org/git/glibc.git
synced 2024-11-27 03:41:23 +08:00
time: Avoid memcmp overread in tzset (bug 31931)
The test does not necessarily trigger the crash, depending on memcmp behavior. A crash was observed in __memcmp_ia32 on i686 builds. Reviewed-by: Paul Eggert <eggert@cs.ucla.edu>
This commit is contained in:
parent
b79238db4a
commit
21738846a1
@ -50,7 +50,8 @@ tests := test_time clocktest tst-posixtz tst-strptime tst_wcsftime \
|
||||
tst-clock tst-clock2 tst-clock_nanosleep tst-cpuclock1 \
|
||||
tst-adjtime tst-ctime tst-difftime tst-mktime4 tst-clock_settime \
|
||||
tst-settimeofday tst-itimer tst-gmtime tst-timegm \
|
||||
tst-timespec_get tst-timespec_getres tst-strftime4
|
||||
tst-timespec_get tst-timespec_getres tst-strftime4 \
|
||||
tst-tzfile-fault
|
||||
|
||||
tests-time64 := \
|
||||
tst-adjtime-time64 \
|
||||
@ -110,3 +111,5 @@ tst-tzname-ENV = TZDIR=${common-objpfx}timezone/testdata
|
||||
CPPFLAGS-tst-tzname.c += -DTZDEFRULES='"$(posixrules-file)"'
|
||||
|
||||
bug-getdate1-ARGS = ${objpfx}bug-getdate1-fmt
|
||||
|
||||
tst-tzfile-fault-ENV = GLIBC_TUNABLES=glibc.rtld.enable_secure=1
|
||||
|
44
time/tst-tzfile-fault.c
Normal file
44
time/tst-tzfile-fault.c
Normal file
@ -0,0 +1,44 @@
|
||||
/* Attempt to trigger fault with very short TZ variable (bug 31931).
|
||||
Copyright (C) 2024 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, see
|
||||
<https://www.gnu.org/licenses/>. */
|
||||
|
||||
|
||||
#include <support/next_to_fault.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <string.h>
|
||||
|
||||
static char tz[] = "TZ=/";
|
||||
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
struct support_next_to_fault ntf
|
||||
= support_next_to_fault_allocate (sizeof (tz));
|
||||
memcpy (ntf.buffer, tz, sizeof (tz));
|
||||
putenv (ntf.buffer);
|
||||
|
||||
tzset ();
|
||||
|
||||
/* Avoid dangling pointer in environ. */
|
||||
putenv (tz);
|
||||
support_next_to_fault_free (&ntf);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#include <support/test-driver.c>
|
@ -134,8 +134,9 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
|
||||
and which is not the system wide default TZDEFAULT. */
|
||||
if (__libc_enable_secure
|
||||
&& ((*file == '/'
|
||||
&& memcmp (file, TZDEFAULT, sizeof TZDEFAULT)
|
||||
&& memcmp (file, default_tzdir, sizeof (default_tzdir) - 1))
|
||||
&& strcmp (file, TZDEFAULT) != 0
|
||||
&& (strncmp (file, default_tzdir, sizeof (default_tzdir) - 1)
|
||||
!= 0))
|
||||
|| strstr (file, "../") != NULL))
|
||||
/* This test is certainly a bit too restrictive but it should
|
||||
catch all critical cases. */
|
||||
|
Loading…
Reference in New Issue
Block a user