From ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a Mon Sep 17 00:00:00 2001 From: Roland McGrath Date: Sun, 25 Mar 2012 11:36:35 -0700 Subject: [PATCH] Fix confstr use of local buffer outside its extent. --- ChangeLog | 5 ++ posix/confstr.c | 222 +++++++++++++++++++++++++++----------------------------- 2 files changed, 111 insertions(+), 116 deletions(-) diff --git a/ChangeLog b/ChangeLog index 21ad9ec..8ec88cc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2012-03-25 Roland McGrath + + * posix/confstr.c (confstr): Lift RESTENVS definition to function scope. + Reported by Allan McRae . + 2012-03-23 Jeff Law * nss/getnssent.c (__nss_getent): Fix typo. diff --git a/posix/confstr.c b/posix/confstr.c index 3c9566d..ad8fea9 100644 --- a/posix/confstr.c +++ b/posix/confstr.c @@ -1,5 +1,4 @@ -/* Copyright (C) 1991,1996,1997,2000-2004,2009,2010 Free - Software Foundation, Inc. +/* Copyright (C) 1991-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -34,6 +33,9 @@ confstr (name, buf, len) { const char *string = ""; size_t string_len = 1; + char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"]; + char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"]; + char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"]; switch (name) { @@ -53,59 +55,55 @@ confstr (name, buf, len) wint_t types are no greater than the width of type long. Currently this means all environment which the system allows. */ - { - char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"]; - - string_len = 0; + string_len = 0; #ifndef _POSIX_V7_ILP32_OFF32 - if (__sysconf (_SC_V7_ILP32_OFF32) > 0) + if (__sysconf (_SC_V7_ILP32_OFF32) > 0) #endif #if !defined _POSIX_V7_ILP32_OFF32 || _POSIX_V7_ILP32_OFF32 > 0 - { - memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32", - sizeof "POSIX_V7_ILP32_OFF32" - 1); - string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1; - } + { + memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32", + sizeof "POSIX_V7_ILP32_OFF32" - 1); + string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1; + } #endif #ifndef _POSIX_V7_ILP32_OFFBIG - if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0) + if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0) #endif #if !defined _POSIX_V7_ILP32_OFFBIG || _POSIX_V7_ILP32_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG", - sizeof "POSIX_V7_ILP32_OFFBIG" - 1); - string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG", + sizeof "POSIX_V7_ILP32_OFFBIG" - 1); + string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1; + } #endif #ifndef _POSIX_V7_LP64_OFF64 - if (__sysconf (_SC_V7_LP64_OFF64) > 0) + if (__sysconf (_SC_V7_LP64_OFF64) > 0) #endif #if !defined _POSIX_V7_LP64_OFF64 || _POSIX_V7_LP64_OFF64 > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64", - sizeof "POSIX_V7_LP64_OFF64" - 1); - string_len += sizeof "POSIX_V7_LP64_OFF64" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64", + sizeof "POSIX_V7_LP64_OFF64" - 1); + string_len += sizeof "POSIX_V7_LP64_OFF64" - 1; + } #endif #ifndef _POSIX_V7_LPBIG_OFFBIG - if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0) + if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0) #endif #if !defined _POSIX_V7_LPBIG_OFFBIG || _POSIX_V7_LPBIG_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG", - sizeof "POSIX_V7_LPBIG_OFFBIG" - 1); - string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1; - } -#endif - restenvs[string_len++] = '\0'; - string = restenvs; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG", + sizeof "POSIX_V7_LPBIG_OFFBIG" - 1); + string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1; + } +#endif + restenvs[string_len++] = '\0'; + string = restenvs; break; case _CS_V6_WIDTH_RESTRICTED_ENVS: @@ -116,59 +114,55 @@ confstr (name, buf, len) wint_t types are no greater than the width of type long. Currently this means all environment which the system allows. */ - { - char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"]; - - string_len = 0; + string_len = 0; #ifndef _POSIX_V6_ILP32_OFF32 - if (__sysconf (_SC_V6_ILP32_OFF32) > 0) + if (__sysconf (_SC_V6_ILP32_OFF32) > 0) #endif #if !defined _POSIX_V6_ILP32_OFF32 || _POSIX_V6_ILP32_OFF32 > 0 - { - memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32", - sizeof "POSIX_V6_ILP32_OFF32" - 1); - string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1; - } + { + memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32", + sizeof "POSIX_V6_ILP32_OFF32" - 1); + string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1; + } #endif #ifndef _POSIX_V6_ILP32_OFFBIG - if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0) + if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0) #endif #if !defined _POSIX_V6_ILP32_OFFBIG || _POSIX_V6_ILP32_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG", - sizeof "POSIX_V6_ILP32_OFFBIG" - 1); - string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG", + sizeof "POSIX_V6_ILP32_OFFBIG" - 1); + string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1; + } #endif #ifndef _POSIX_V6_LP64_OFF64 - if (__sysconf (_SC_V6_LP64_OFF64) > 0) + if (__sysconf (_SC_V6_LP64_OFF64) > 0) #endif #if !defined _POSIX_V6_LP64_OFF64 || _POSIX_V6_LP64_OFF64 > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64", - sizeof "POSIX_V6_LP64_OFF64" - 1); - string_len += sizeof "POSIX_V6_LP64_OFF64" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64", + sizeof "POSIX_V6_LP64_OFF64" - 1); + string_len += sizeof "POSIX_V6_LP64_OFF64" - 1; + } #endif #ifndef _POSIX_V6_LPBIG_OFFBIG - if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0) + if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0) #endif #if !defined _POSIX_V6_LPBIG_OFFBIG || _POSIX_V6_LPBIG_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG", - sizeof "POSIX_V6_LPBIG_OFFBIG" - 1); - string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1; - } -#endif - restenvs[string_len++] = '\0'; - string = restenvs; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG", + sizeof "POSIX_V6_LPBIG_OFFBIG" - 1); + string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1; + } +#endif + restenvs[string_len++] = '\0'; + string = restenvs; break; case _CS_V5_WIDTH_RESTRICTED_ENVS: @@ -179,59 +173,55 @@ confstr (name, buf, len) wint_t types are no greater than the width of type long. Currently this means all environment which the system allows. */ - { - char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"]; - - string_len = 0; + string_len = 0; #ifndef _XBS5_ILP32_OFF32 - if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0) + if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0) #endif #if !defined _XBS5_ILP32_OFF32 || _XBS5_ILP32_OFF32 > 0 - { - memcpy (restenvs + string_len, "XBS5_ILP32_OFF32", - sizeof "XBS5_ILP32_OFF32" - 1); - string_len += sizeof "XBS5_ILP32_OFF32" - 1; - } + { + memcpy (restenvs + string_len, "XBS5_ILP32_OFF32", + sizeof "XBS5_ILP32_OFF32" - 1); + string_len += sizeof "XBS5_ILP32_OFF32" - 1; + } #endif #ifndef _XBS5_ILP32_OFFBIG - if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0) + if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0) #endif #if !defined _XBS5_ILP32_OFFBIG || _XBS5_ILP32_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG", - sizeof "XBS5_ILP32_OFFBIG" - 1); - string_len += sizeof "XBS5_ILP32_OFFBIG" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG", + sizeof "XBS5_ILP32_OFFBIG" - 1); + string_len += sizeof "XBS5_ILP32_OFFBIG" - 1; + } #endif #ifndef _XBS5_LP64_OFF64 - if (__sysconf (_SC_XBS5_LP64_OFF64) > 0) + if (__sysconf (_SC_XBS5_LP64_OFF64) > 0) #endif #if !defined _XBS5_LP64_OFF64 || _XBS5_LP64_OFF64 > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "XBS5_LP64_OFF64", - sizeof "XBS5_LP64_OFF64" - 1); - string_len += sizeof "XBS5_LP64_OFF64" - 1; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "XBS5_LP64_OFF64", + sizeof "XBS5_LP64_OFF64" - 1); + string_len += sizeof "XBS5_LP64_OFF64" - 1; + } #endif #ifndef _XBS5_LPBIG_OFFBIG - if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0) + if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0) #endif #if !defined _XBS5_LPBIG_OFFBIG || _XBS5_LPBIG_OFFBIG > 0 - { - if (string_len) - restenvs[string_len++] = '\n'; - memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG", - sizeof "XBS5_LPBIG_OFFBIG" - 1); - string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1; - } -#endif - restenvs[string_len++] = '\0'; - string = restenvs; - } + { + if (string_len) + restenvs[string_len++] = '\n'; + memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG", + sizeof "XBS5_LPBIG_OFFBIG" - 1); + string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1; + } +#endif + restenvs[string_len++] = '\0'; + string = restenvs; break; case _CS_XBS5_ILP32_OFF32_CFLAGS: -- 2.7.4