qiurui
/
glibc
mirror of git://sourceware.org/git/glibc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

time: Fix use-after-free in getdate 

getdate would free the buffer pointed to by the result of its call to
strptime, then reference the same buffer later on -- leading to a
use-after-free.  This commit fixes that.

Reported-by: Martin Coufal <mcoufal@redhat.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
This commit is contained in:
Arjun Shankar 2023-06-06 19:20:31 +02:00
parent 200ae471b6
commit 85e6d8b417
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
time/getdate.c
View File

@ -114,6 +114,7 @@ __getdate_r (const char *string, struct tm *tp)
struct tm tm; struct tm tm;
struct __stat64_t64 st; struct __stat64_t64 st;
bool mday_ok = false; bool mday_ok = false;
bool found = false;
datemsk = getenv ("DATEMSK"); datemsk = getenv ("DATEMSK");
if (datemsk == NULL || *datemsk == '\0') if (datemsk == NULL || *datemsk == '\0')
@ -181,7 +182,7 @@ __getdate_r (const char *string, struct tm *tp)
tp->tm_gmtoff = 0; tp->tm_gmtoff = 0;
tp->tm_zone = NULL; tp->tm_zone = NULL;
result = strptime (string, line, tp); result = strptime (string, line, tp);
if (result && *result == '\0') if ((found = (result && *result == '\0')))
break; break;
} }
while (!__feof_unlocked (fp)); while (!__feof_unlocked (fp));
@ -201,7 +202,7 @@ __getdate_r (const char *string, struct tm *tp)
/* Close template file. */ /* Close template file. */
fclose (fp); fclose (fp);
if (result == NULL || *result != '\0') if (!found)
return 7; return 7;
/* Get current time. */ /* Get current time. */