From patchwork Sun Jan 5 05:57:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Eggert X-Patchwork-Id: 104072 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 17B653858C5F for ; Sun, 5 Jan 2025 06:25:17 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 17B653858C5F Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=cs.ucla.edu header.i=@cs.ucla.edu header.a=rsa-sha256 header.s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C header.b=cyLxFmmW X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail.cs.ucla.edu (mail.cs.ucla.edu [131.179.128.66]) by sourceware.org (Postfix) with ESMTPS id 49DDC3858D21 for ; Sun, 5 Jan 2025 05:59:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 49DDC3858D21 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=cs.ucla.edu Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.ucla.edu ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 49DDC3858D21 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=131.179.128.66 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1736056779; cv=none; b=TUie6LFeBzuvBXLJLGbEdh7aKzCjBXz/P+MIy7dLTkzee3Dl/ukn5hK23Ufeu803brLbs/Ovlb4HMIm/8a7vHkI0wGa8gwAhQdKAxM5/ZYkpj9V1B0jcR41C0VF1+mnhlg6ENlC+NZUHb8WuU4mABjfsTyZrGuNDfjAWz86iEwU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1736056779; c=relaxed/simple; bh=xvPa61cZXTHY4BKLN4nGkugoJ7CdQH+sUfXZoPEPXN4=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=VzUajq95ccqQ7IRKzWCJN51afS2UUCbjCjwBGKPnreE1gbjWH1ZOr7mKefMRkCcBaLsFq1zrI51hkpp8k7XwocHqF+qTRh6S6Yo2WdK8d2LFB+YShpGzaE5PHVp8b2zwyjMrqEuoOVCwHuymrMfy7HKyPrn2es/ywuNsbu/dyGk= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 49DDC3858D21 Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id C38BB3C123844 for ; Sat, 4 Jan 2025 21:59:38 -0800 (PST) Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10032) with ESMTP id KBTVhslHnlwQ; Sat, 4 Jan 2025 21:59:38 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id 7CFA13C123843; Sat, 4 Jan 2025 21:59:38 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu 7CFA13C123843 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu; s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1736056778; bh=urwbf9178kdO2qau6nLYbDeRVb6x+lgOLT6rMhKflIU=; h=From:To:Date:Message-ID:MIME-Version; b=cyLxFmmWUfidogCXswbuxv8+BfcTBDsHtB5jU1D+Wmz8eQ+3OK7DE5sqpruNfFEkG zM8oMXUFVWnJHf+EMzYWO2ybuE2U1zLoSLWOF/7WeYEWfLXSIVaqnBbNB/EevQLqbl /fdyj/CZXwb20U+GtqdrJMZJjOpsW2tcxBtfOSSa1TlSlP12+vUnoGD946bYT7vwUz wN+OcVET8Ymn7ZnVaajEiOfAzbJQLM/GFC9ePV4njoKihlcWpbZRjpZsaTHoeCCHs7 hTypxnFN6nO+NhsLw1V15DhC/oxoryFYLyOrUZp6FOc+Tkz32RG9/B5yMEswxKzCI8 zuH/5WJbrRMCA== X-Virus-Scanned: amavis at mail.cs.ucla.edu Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10026) with ESMTP id cqMplm4aOkyt; Sat, 4 Jan 2025 21:59:38 -0800 (PST) Received: from wing.home (unknown [47.154.28.214]) by mail.cs.ucla.edu (Postfix) with ESMTPSA id 6625A3C082EB9; Sat, 4 Jan 2025 21:59:38 -0800 (PST) From: Paul Eggert To: libc-alpha@sourceware.org Cc: Paul Eggert Subject: [PATCH 33/59] Reject TZif files containing '\0' in TZ string Date: Sat, 4 Jan 2025 21:57:08 -0800 Message-ID: <20250105055750.1668721-34-eggert@cs.ucla.edu> X-Mailer: git-send-email 2.45.2 In-Reply-To: <01207110-bd60-46ae-9c08-fb39c2011067@cs.ucla.edu> References: <01207110-bd60-46ae-9c08-fb39c2011067@cs.ucla.edu> MIME-Version: 1.0 X-Spam-Status: No, score=-10.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org * time/tzfile.c (__tzfile_read): Don't allow TZif strings that contain '\0'. If a TZif file is longer than needed, perhaps due to future TZif format, don't bother reading the excess data. --- time/tzfile.c | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/time/tzfile.c b/time/tzfile.c index dae6b2b613..744c7690ab 100644 --- a/time/tzfile.c +++ b/time/tzfile.c @@ -258,7 +258,7 @@ __tzfile_read (const char *file) goto read_again; } - /* Compute the size of the proleptic time zone specification in the + /* Compute a bound on the size of the proleptic time zone specification in the file. This includes the trailing but not the leading newline. */ size_t tzspec_size; if (trans_width == 8) @@ -472,24 +472,33 @@ __tzfile_read (const char *file) types[i++].isutc = 0; /* Read the proleptic TZ information if possible. */ - if (tzspec != NULL) + if (tzspec_size != 0) { - char *nl; - assert (tzspec_size > 0); - /* Skip the leading newline, then grab everything up to the next - newline; ignore everything after that. */ - if (__getc_unlocked (f) == '\n' - && __fread_unlocked (tzspec, 1, tzspec_size, f) == tzspec_size - && (nl = memchr (tzspec, '\n', tzspec_size)) != NULL) - *nl = '\0'; - else + /* Don't use a TZ string not preceded by newline. */ + if (__getc_unlocked (f) != '\n') + goto lose; + size_t len = 0; + /* Grab everything up to the next newline. Ignore the remaining + part of the file as it may be a later TZif version. */ + for (int ch; (ch = __getc_unlocked (f)) != '\n'; ) + { + /* Don't use a truncated TZ string, or one containing '\0'. */ + if (ch <= 0) + goto lose; + + tzspec[len++] = ch; + + /* Don't use a TZ string that lacks a trailing newline. */ + if (len == tzspec_size) + goto lose; + } + tzspec[len] = '\0'; + + /* Don't use an empty TZ string. */ + if (len == 0) tzspec = NULL; } - /* Don't use an empty TZ string. */ - if (tzspec != NULL && tzspec[0] == '\0') - tzspec = NULL; - fclose (f); /* First "register" all time zone abbreviations. */