Replace alloca in __tzfile_read by malloc. Fixes bug 15670

diff --git a/ChangeLog b/ChangeLog
index d2de84a..1f2d833 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-10-19  Ondřej Bílka  <neleai@seznam.cz>
+
+       [BZ #15670]
+       * time/tzfile.c (__tzfile_read): Replace alloca with malloc.
+
 2013-10-18  Carlos O'Donell  <carlos@redhat.com>
 
        * manual/crypt.texi (Cryptographic Functions): Using SunRPC and

diff --git a/NEWS b/NEWS
index 9e32ba5..93f884d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,11 +11,11 @@ Version 2.19
 
   156, 431, 832, 13028, 13982, 13985, 14155, 14547, 14699, 14910, 15048,
   15218, 15277, 15308, 15362, 15400, 15427, 15522, 15531, 15532, 15608,
-  15609, 15610, 15632, 15640, 15672, 15680, 15681, 15723, 15734, 15735,
-  15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847, 15849,
-  15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893,
-  15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948, 15963,
-  15966, 15988, 16032, 16034, 16036, 16041.
+  15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681, 15723, 15734,
+  15735, 15736, 15748, 15749, 15754, 15760, 15764, 15797, 15844, 15847,
+  15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887, 15890, 15892,
+  15893, 15895, 15897, 15905, 15909, 15919, 15921, 15923, 15939, 15948,
+  15963, 15966, 15988, 16032, 16034, 16036, 16041.
 
 * CVE-2012-4412 The strcoll implementation caches indices and rules for
   large collation sequences to optimize multiple passes.  This cache

diff --git a/time/tzfile.c b/time/tzfile.c
index 9dd5130..3ea3051 100644 (file)
--- a/time/tzfile.c
+++ b/time/tzfile.c
@@ -114,6 +114,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   int was_using_tzfile = __use_tzfile;
   int trans_width = 4;
   size_t tzspec_len;
+  char *new = NULL;
 
   if (sizeof (time_t) != 4 && sizeof (time_t) != 8)
     abort ();
@@ -145,22 +146,12 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   if (*file != '/')
     {
       const char *tzdir;
-      unsigned int len, tzdir_len;
-      char *new, *tmp;
 
       tzdir = getenv ("TZDIR");
       if (tzdir == NULL || *tzdir == '\0')
-       {
-         tzdir = default_tzdir;
-         tzdir_len = sizeof (default_tzdir) - 1;
-       }
-      else
-       tzdir_len = strlen (tzdir);
-      len = strlen (file) + 1;
-      new = (char *) __alloca (tzdir_len + 1 + len);
-      tmp = __mempcpy (new, tzdir, tzdir_len);
-      *tmp++ = '/';
-      memcpy (tmp, file, len);
+       tzdir = default_tzdir;
+      if (__asprintf (&new, "%s/%s", tzdir, file) == -1)
+       goto ret_free_transitions;
       file = new;
     }
 
@@ -170,11 +161,7 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
       && stat64 (file, &st) == 0
       && tzfile_ino == st.st_ino && tzfile_dev == st.st_dev
       && tzfile_mtime == st.st_mtime)
-    {
-      /* Nothing to do.  */
-      __use_tzfile = 1;
-      return;
-    }
+    goto done;  /* Nothing to do.  */
 
   /* Note the file is opened with cancellation in the I/O functions
      disabled and if available FD_CLOEXEC set.  */
@@ -527,12 +514,15 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
   __daylight = rule_stdoff != rule_dstoff;
   __timezone = -rule_stdoff;
 
+ done:
   __use_tzfile = 1;
+  free (new);
   return;
 
  lose:
   fclose (f);
  ret_free_transitions:
+  free (new);
   free ((void *) transitions);
   transitions = NULL;
 }