time: Avoid memcmp overread in tzset (bug 31931)
The test does not necessarily trigger the crash, depending on memcmp behavior. A crash was observed in __memcmp_ia32 on i686 builds. Reviewed-by: Paul Eggert <eggert@cs.ucla.edu>
parent
b79238db4a
commit
21738846a1
@ -50,7 +50,8 @@ tests := test_time clocktest tst-posixtz tst-strptime tst_wcsftime \
|
|||||||
tst-clock tst-clock2 tst-clock_nanosleep tst-cpuclock1 \
|
tst-clock tst-clock2 tst-clock_nanosleep tst-cpuclock1 \
|
||||||
tst-adjtime tst-ctime tst-difftime tst-mktime4 tst-clock_settime \
|
tst-adjtime tst-ctime tst-difftime tst-mktime4 tst-clock_settime \
|
||||||
tst-settimeofday tst-itimer tst-gmtime tst-timegm \
|
tst-settimeofday tst-itimer tst-gmtime tst-timegm \
|
||||||
tst-timespec_get tst-timespec_getres tst-strftime4
|
tst-timespec_get tst-timespec_getres tst-strftime4 \
|
||||||
|
tst-tzfile-fault
|
||||||
|
|
||||||
tests-time64 := \
|
tests-time64 := \
|
||||||
tst-adjtime-time64 \
|
tst-adjtime-time64 \
|
||||||
@ -110,3 +111,5 @@ tst-tzname-ENV = TZDIR=${common-objpfx}timezone/testdata
|
|||||||
CPPFLAGS-tst-tzname.c += -DTZDEFRULES='"$(posixrules-file)"'
|
CPPFLAGS-tst-tzname.c += -DTZDEFRULES='"$(posixrules-file)"'
|
||||||
|
|
||||||
bug-getdate1-ARGS = ${objpfx}bug-getdate1-fmt
|
bug-getdate1-ARGS = ${objpfx}bug-getdate1-fmt
|
||||||
|
|
||||||
|
tst-tzfile-fault-ENV = GLIBC_TUNABLES=glibc.rtld.enable_secure=1
|
||||||
|
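--- /dev/null
+++ b/time/tst-tzfile-fault.c
@@ -0,0 +1,44 @@
+/* Attempt to trigger fault with very short TZ variable (bug 31931).
+Copyright (C) 2024 Free Software Foundation, Inc.
+This file is part of the GNU C Library.
+
+The GNU C Library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+The GNU C Library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with the GNU C Library; if not, see
+<https://www.gnu.org/licenses/>. */
+
+
+#include <support/next_to_fault.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+
+static char tz[] = "TZ=/";
+
+static int
+do_test (void)
+{
+struct support_next_to_fault ntf
+= support_next_to_fault_allocate (sizeof (tz));
+memcpy (ntf.buffer, tz, sizeof (tz));
+putenv (ntf.buffer);
+
+tzset ();
+
+/* Avoid dangling pointer in environ. */
+putenv (tz);
+support_next_to_fault_free (&ntf);
+
+return 0;
+}
+
+#include <support/test-driver.c>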
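Review bot: Nothing in tst-tzfile-fault.c says that the test only reaches the fixed comparison when the process runs in secure mode, which the build arranges separately through `tst-tzfile-fault-ENV = GLIBC_TUNABLES=glibc.rtld.enable_secure=1`; run by hand without that variable, do_test passes without exercising the path check. A comment above do_test would make this visible, for example `/* Must run with GLIBC_TUNABLES=glibc.rtld.enable_secure=1 (see the Makefile): the TZ path check is guarded by __libc_enable_secure.  */`. The return value of the first `putenv (ntf.buffer)` is also unchecked, so a failed putenv would let tzset run against the old environment and the test would still report success.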
@ -134,8 +134,9 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
|
|||||||
and which is not the system wide default TZDEFAULT. */
|
and which is not the system wide default TZDEFAULT. */
|
||||||
if (__libc_enable_secure
|
if (__libc_enable_secure
|
||||||
&& ((*file == '/'
|
&& ((*file == '/'
|
||||||
&& memcmp (file, TZDEFAULT, sizeof TZDEFAULT)
|
&& strcmp (file, TZDEFAULT) != 0
|
||||||
&& memcmp (file, default_tzdir, sizeof (default_tzdir) - 1))
|
&& (strncmp (file, default_tzdir, sizeof (default_tzdir) - 1)
|
||||||
|
!= 0))
|
||||||
|| strstr (file, "../") != NULL))
|
|| strstr (file, "../") != NULL))
|
||||||
/* This test is certainly a bit too restrictive but it should
|
/* This test is certainly a bit too restrictive but it should
|
||||||
catch all critical cases. */
|
catch all critical cases. */
|
||||||
|
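Review bot: The `strncmp (file, default_tzdir, sizeof (default_tzdir) - 1)` test in the secure-mode condition is a bare prefix match, so a path that merely begins with the same characters as the default directory is treated as lying inside it. default_tzdir is defined outside this hunk; if it carries no trailing slash, the clause should also require a separator at the boundary, e.g. `(strncmp (file, default_tzdir, sizeof (default_tzdir) - 1) != 0 || file[sizeof (default_tzdir) - 1] != '/')`, or the existing "a bit too restrictive" comment should state that sibling names are accepted on purpose. It would also help to record why string functions are used here, for instance `/* FILE may be shorter than either constant, so memcmp could read past its terminator.  */`. The body of __tzfile_read continues outside the hunk.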