From: Andreas Schwab
To: Florian Weimer
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH] time: Avoid memcmp overread in tzset (bug 31931)
In-Reply-To: <87o77ovybr.fsf@oldenburg.str.redhat.com> (Florian Weimer's message of "Wed, 26 Jun 2024 11:38:00 +0200")
References: <87o77ovybr.fsf@oldenburg.str.redhat.com>
Date: Wed, 26 Jun 2024 11:47:58 +0200

On Jun 26 2024, Florian Weimer wrote:

> diff --git a/time/tst-tzfile-fault.c b/time/tst-tzfile-fault.c > new file mode 100644 > index 0000000000..0b206ab1c3 > --- /dev/null > +++ b/time/tst-tzfile-fault.c 
> @@ -0,0 +1,44 @@ > +/* Attempt to trigger fault with very short TZ variable (bug 31931). > + Copyright (C) 2024 Free Software Foundation, Inc. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + . */ > + > + > +#include > +#include > +#include > +#include > + > +static char tz[] = "TZ=/"; > + > +static int > +do_test (void) > +{ > + struct support_next_to_fault ntf > + = support_next_to_fault_allocate (sizeof (tz)); > + memcpy (ntf.buffer, tz, sizeof (tz)); > + putenv (tz); Did you mean putenv (ntf.buffer)? > diff --git a/time/tzfile.c b/time/tzfile.c > index 4147539964..2006f9a189 100644 > --- a/time/tzfile.c > +++ b/time/tzfile.c > @@ -134,8 +134,8 @@ __tzfile_read (const char *file, size_t extra, char **extrap) > and which is not the system wide default TZDEFAULT. */ > if (__libc_enable_secure > && ((*file == '/' > - && memcmp (file, TZDEFAULT, sizeof TZDEFAULT) > - && memcmp (file, default_tzdir, sizeof (default_tzdir) - 1)) > + && strcmp (file, TZDEFAULT) != 0 > + && strncmp (file, default_tzdir, sizeof (default_tzdir) - 1)) Please add != 0. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different."
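Review bot: In do_test of time/tst-tzfile-fault.c, the string is copied into ntf.buffer, but putenv is then called with the static array tz, so the copy placed next to the fault page is never the one tzset reads and an overread would go undetected. Pass the guarded copy instead: putenv (ntf.buffer).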
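Review bot: In the __libc_enable_secure check of __tzfile_read (time/tzfile.c), the new strncmp (file, default_tzdir, sizeof (default_tzdir) - 1) is still used as a bare truth value, while the strcmp line directly above it compares against 0 explicitly. Write it as strncmp (...) != 0 for consistency, and consider a short comment stating that the string functions are used because file may be shorter than TZDEFAULT, which is what let the fixed-length memcmp read past its end.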