From 42261ad731991df345880b0b509d83b0b9a9b9d8 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Fri, 24 Apr 2015 17:34:47 +0200 Subject: Make time zone file parser more robust [BZ #17715] --- time/tzfile.c | 15 ++- time/tzset.c | 401 ++++++++++++++++++++++++++++------------------------------ 2 files changed, 209 insertions(+), 207 deletions(-) (limited to 'time') diff --git a/time/tzfile.c b/time/tzfile.c index bcb408f..46d4fc7 100644 --- a/time/tzfile.c +++ b/time/tzfile.c @@ -200,6 +200,9 @@ __tzfile_read (const char *file, size_t extra, char **extrap) num_isstd = (size_t) decode (tzhead.tzh_ttisstdcnt); num_isgmt = (size_t) decode (tzhead.tzh_ttisgmtcnt); + if (__glibc_unlikely (num_isstd > num_types || num_isgmt > num_types)) + goto lose; + /* For platforms with 64-bit time_t we use the new format if available. */ if (sizeof (time_t) == 8 && trans_width == 4 && tzhead.tzh_version[0] != '\0') @@ -434,13 +437,21 @@ __tzfile_read (const char *file, size_t extra, char **extrap) goto lose; tzspec_len = st.st_size - off - 1; - char *tzstr = alloca (tzspec_len); + if (tzspec_len == 0) + goto lose; + char *tzstr = malloc (tzspec_len); + if (tzstr == NULL) + goto lose; if (getc_unlocked (f) != '\n' || (__fread_unlocked (tzstr, 1, tzspec_len - 1, f) != tzspec_len - 1)) - goto lose; + { + free (tzstr); + goto lose; + } tzstr[tzspec_len - 1] = '\0'; tzspec = __tzstring (tzstr); + free (tzstr); } /* Don't use an empty TZ string. */ diff --git a/time/tzset.c b/time/tzset.c index 82324ca..d115bae 100644 --- a/time/tzset.c +++ b/time/tzset.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include 
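Review bot: The new `num_isstd > num_types || num_isgmt > num_types` guard in the first tzfile.c hunk has no comment stating the invariant it enforces, so a later reader cannot tell why these two counts are compared with num_types rather than with a fixed limit. Presumably the isstd/isgmt indicator bytes are applied per type further down in __tzfile_read, outside this hunk. If so, a one-line comment such as `/* The isstd/isgmt indicators are per type and cannot outnumber the types.  */` would record that. All of these counts are decoded straight from the file header, so the reason for each sanity check is worth keeping next to it.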
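Review bot: The switch from alloca to malloc at `char *tzstr = malloc (tzspec_len);` is the security-relevant change in the second tzfile.c hunk, but it carries no comment. tzspec_len is derived from `st.st_size`, i.e. from the size of the file being parsed, so a comment such as `/* tzspec_len comes from the file size; keep it off the stack.  */` would stop a later cleanup from reverting to a stack allocation. If tzspec_len is unsigned (its declaration is outside the hunk), `st.st_size - off - 1` wraps for a short file and is then caught only by malloc failing, unless the check ending in the `goto lose;` just above already bounds it. That is worth confirming and stating in the same comment.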
@@ -82,15 +83,14 @@ struct tzstring_l static struct tzstring_l *tzstring_list; -/* Allocate a permanent home for S. It will never be moved or deallocated, - but may share space with other strings. - Don't modify the returned string. */ -char * -__tzstring (const char *s) +/* Allocate a permanent home for the first LEN characters of S. It + will never be moved or deallocated, but may share space with other + strings. Don't modify the returned string. */ +static char * +__tzstring_len (const char *s, size_t len) { char *p; struct tzstring_l *t, *u, *new; - size_t len = strlen (s); /* Walk the list and look for a match. If this string is the same as the end of an already-allocated string, it can share space. */ @@ -98,7 +98,7 @@ __tzstring (const char *s) if (len <= t->len) { p = &t->data[t->len - len]; - if (strcmp (s, p) == 0) + if (memcmp (s, p, len) == 0) return p; } @@ -109,7 +109,8 @@ __tzstring (const char *s) new->next = NULL; new->len = len; - strcpy (new->data, s); + memcpy (new->data, s, len); + new->data[len] = '\0'; if (u) u->next = new; @@ -118,6 +119,15 @@ __tzstring (const char *s) return new->data; } + +/* Allocate a permanent home for S. It will never be moved or + deallocated, but may share space with other strings. Don't modify + the returned string. */ +char * +__tzstring (const char *s) +{ + return __tzstring_len (s, strlen (s)); +} /* Maximum length of a timezone name. tzset_internal keeps this up to date (never decreasing it) when ! __use_tzfile. 
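Review bot: The header comment of `__tzstring_len` says only "the first LEN characters of S" and leaves out the contract that callers depend on: S need not be NUL-terminated at LEN, while the returned string always is (a later hunk writes `new->data[len] = '\0'`). I would add a sentence such as `S need not be NUL-terminated, but its first LEN bytes must not contain a NUL; the result is always NUL-terminated.` The second clause matters because the suffix-sharing test now uses `memcmp (s, p, len)`, so an embedded NUL would intern a string whose strlen differs from the recorded len. The function body and its allocation are outside the visible hunks, so it is also worth confirming that the allocation reserves len + 1 bytes.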
@@ -164,234 +174,215 @@ compute_offset (unsigned int ss, unsigned int mm, unsigned int hh) return min (ss, 59) + min (mm, 59) * 60 + min (hh, 24) * 60 * 60; } - -/* Parse the POSIX TZ-style string. */ -void -__tzset_parse_tz (tz) - const char *tz; +/* Parses the time zone name at *TZP, and writes a pointer to an + interned string to tz_rules[WHICHRULE].name. On success, advances + *TZP, and returns true. Returns false otherwise. */ +static bool +parse_tzname (const char **tzp, int whichrule) { - unsigned short int hh, mm, ss; - - /* Clear out old state and reset to unnamed UTC. */ - memset (tz_rules, '\0', sizeof tz_rules); - tz_rules[0].name = tz_rules[1].name = ""; - - /* Get the standard timezone name. */ - char *tzbuf = strdupa (tz); - - int consumed; - if (sscanf (tz, "%[A-Za-z]%n", tzbuf, &consumed) != 1) + const char *start = *tzp; + const char *p = start; + while (('a' <= *p && *p <= 'z') + || ('A' <= *p && *p <= 'Z')) + ++p; + size_t len = p - start; + if (len < 3) { - /* Check for the quoted version. */ - char *wp = tzbuf; - if (__glibc_unlikely (*tz++ != '<')) - goto out; - - while (isalnum (*tz) || *tz == '+' || *tz == '-') - *wp++ = *tz++; - if (__glibc_unlikely (*tz++ != '>' || wp - tzbuf < 3)) - goto out; - *wp = '\0'; + p = *tzp; + if (__glibc_unlikely (*p++ != '<')) + return false; + start = p; + while (('a' <= *p && *p <= 'z') + || ('A' <= *p && *p <= 'Z') + || ('0' <= *p && *p <= '9') + || *p == '+' || *p == '-') + ++p; + len = p - start; + if (*p++ != '>' || len < 3) + return false; } - else if (__glibc_unlikely (consumed < 3)) - goto out; - else - tz += consumed; - - tz_rules[0].name = __tzstring (tzbuf); + tz_rules[whichrule].name = __tzstring_len (start, len); + *tzp = p; + return true; +} - /* Figure out the standard offset from UTC. */ - if (*tz == '\0' || (*tz != '+' && *tz != '-' && !isdigit (*tz))) - goto out; +/* Parses the time zone offset at *TZP, and writes it to + tz_rules[WHICHRULE].offset. 
Returns true if the parse was + successful. */ +static bool +parse_offset (const char **tzp, int whichrule) +{ + const char *tz = *tzp; + if (whichrule == 0 + && (*tz == '\0' || (*tz != '+' && *tz != '-' && !isdigit (*tz)))) + return false; + long sign; if (*tz == '-' || *tz == '+') - tz_rules[0].offset = *tz++ == '-' ? 1L : -1L; + sign = *tz++ == '-' ? 1L : -1L; else - tz_rules[0].offset = -1L; - switch (sscanf (tz, "%hu%n:%hu%n:%hu%n", - &hh, &consumed, &mm, &consumed, &ss, &consumed)) - { - default: - tz_rules[0].offset = 0; - goto out; - case 1: - mm = 0; - case 2: - ss = 0; - case 3: - break; - } - tz_rules[0].offset *= compute_offset (ss, mm, hh); - tz += consumed; - - /* Get the DST timezone name (if any). */ - if (*tz != '\0') - { - if (sscanf (tz, "%[A-Za-z]%n", tzbuf, &consumed) != 1) - { - /* Check for the quoted version. */ - char *wp = tzbuf; - const char *rp = tz; - if (__glibc_unlikely (*rp++ != '<')) - /* Punt on name, set up the offsets. */ - goto done_names; - - while (isalnum (*rp) || *rp == '+' || *rp == '-') - *wp++ = *rp++; - if (__glibc_unlikely (*rp++ != '>' || wp - tzbuf < 3)) - /* Punt on name, set up the offsets. */ - goto done_names; - *wp = '\0'; - tz = rp; - } - else if (__glibc_unlikely (consumed < 3)) - /* Punt on name, set up the offsets. */ - goto done_names; + sign = -1L; + *tzp = tz; + + unsigned short int hh; + unsigned short mm = 0; + unsigned short ss = 0; + int consumed = 0; + if (sscanf (tz, "%hu%n:%hu%n:%hu%n", + &hh, &consumed, &mm, &consumed, &ss, &consumed) > 0) + tz_rules[whichrule].offset = sign * compute_offset (ss, mm, hh); + else + /* Nothing could be parsed. */ + if (whichrule == 0) + { + /* Standard time defaults to offset zero. */ + tz_rules[0].offset = 0; + return false; + } else - tz += consumed; + /* DST defaults to one hour later than standard time. 
*/ + tz_rules[1].offset = tz_rules[0].offset + (60 * 60); + *tzp = tz + consumed; + return true; +} - tz_rules[1].name = __tzstring (tzbuf); +/* Parses the standard <-> DST rules at *TZP. Updates + tz_rule[WHICHRULE]. On success, advances *TZP and returns true. + Otherwise, returns false. */ +static bool +parse_rule (const char **tzp, int whichrule) +{ + const char *tz = *tzp; + tz_rule *tzr = &tz_rules[whichrule]; - /* Figure out the DST offset from GMT. */ - if (*tz == '-' || *tz == '+') - tz_rules[1].offset = *tz++ == '-' ? 1L : -1L; - else - tz_rules[1].offset = -1L; + /* Ignore comma to support string following the incorrect + specification in early POSIX.1 printings. */ + tz += *tz == ','; - switch (sscanf (tz, "%hu%n:%hu%n:%hu%n", - &hh, &consumed, &mm, &consumed, &ss, &consumed)) + /* Get the date of the change. */ + if (*tz == 'J' || isdigit (*tz)) + { + char *end; + tzr->type = *tz == 'J' ? J1 : J0; + if (tzr->type == J1 && !isdigit (*++tz)) + return false; + unsigned long int d = strtoul (tz, &end, 10); + if (end == tz || d > 365) + return false; + if (tzr->type == J1 && d == 0) + return false; + tzr->d = d; + tz = end; + } + else if (*tz == 'M') + { + tzr->type = M; + int consumed; + if (sscanf (tz, "M%hu.%hu.%hu%n", + &tzr->m, &tzr->n, &tzr->d, &consumed) != 3 + || tzr->m < 1 || tzr->m > 12 + || tzr->n < 1 || tzr->n > 5 || tzr->d > 6) + return false; + tz += consumed; + } + else if (*tz == '\0') + { + /* Daylight time rules in the U.S. are defined in the U.S. Code, + Title 15, Chapter 6, Subchapter IX - Standard Time. These + dates were established by Congress in the Energy Policy Act + of 2005 [Pub. L. no. 109-58, 119 Stat 594 (2005)]. + Below is the equivalent of "M3.2.0,M11.1.0" [/2 not needed + since 2:00AM is the default]. */ + tzr->type = M; + if (tzr == &tz_rules[0]) { - default: - /* Default to one hour later than standard time. 
*/ - tz_rules[1].offset = tz_rules[0].offset + (60 * 60); - break; - - case 1: - mm = 0; - case 2: - ss = 0; - case 3: - tz_rules[1].offset *= compute_offset (ss, mm, hh); - tz += consumed; - break; + tzr->m = 3; + tzr->n = 2; + tzr->d = 0; } - if (*tz == '\0' || (tz[0] == ',' && tz[1] == '\0')) + else { - /* There is no rule. See if there is a default rule file. */ - __tzfile_default (tz_rules[0].name, tz_rules[1].name, - tz_rules[0].offset, tz_rules[1].offset); - if (__use_tzfile) - { - free (old_tz); - old_tz = NULL; - return; - } + tzr->m = 11; + tzr->n = 1; + tzr->d = 0; } } else + return false; + + if (*tz != '\0' && *tz != '/' && *tz != ',') + return false; + else if (*tz == '/') { - /* There is no DST. */ - tz_rules[1].name = tz_rules[0].name; - tz_rules[1].offset = tz_rules[0].offset; - goto out; + /* Get the time of day of the change. */ + int negative; + ++tz; + if (*tz == '\0') + return false; + negative = *tz == '-'; + tz += negative; + /* Default to 2:00 AM. */ + unsigned short hh = 2; + unsigned short mm = 0; + unsigned short ss = 0; + int consumed = 0; + sscanf (tz, "%hu%n:%hu%n:%hu%n", + &hh, &consumed, &mm, &consumed, &ss, &consumed);; + tz += consumed; + tzr->secs = (negative ? -1 : 1) * ((hh * 60 * 60) + (mm * 60) + ss); } + else + /* Default to 2:00 AM. */ + tzr->secs = 2 * 60 * 60; - done_names: - /* Figure out the standard <-> DST rules. */ - for (unsigned int whichrule = 0; whichrule < 2; ++whichrule) - { - tz_rule *tzr = &tz_rules[whichrule]; + tzr->computed_for = -1; + *tzp = tz; + return true; +} - /* Ignore comma to support string following the incorrect - specification in early POSIX.1 printings. */ - tz += *tz == ','; +/* Parse the POSIX TZ-style string. */ +void +__tzset_parse_tz (const char *tz) +{ + /* Clear out old state and reset to unnamed UTC. */ + memset (tz_rules, '\0', sizeof tz_rules); + tz_rules[0].name = tz_rules[1].name = ""; - /* Get the date of the change. 
*/ - if (*tz == 'J' || isdigit (*tz)) - { - char *end; - tzr->type = *tz == 'J' ? J1 : J0; - if (tzr->type == J1 && !isdigit (*++tz)) - goto out; - unsigned long int d = strtoul (tz, &end, 10); - if (end == tz || d > 365) - goto out; - if (tzr->type == J1 && d == 0) - goto out; - tzr->d = d; - tz = end; - } - else if (*tz == 'M') - { - tzr->type = M; - if (sscanf (tz, "M%hu.%hu.%hu%n", - &tzr->m, &tzr->n, &tzr->d, &consumed) != 3 - || tzr->m < 1 || tzr->m > 12 - || tzr->n < 1 || tzr->n > 5 || tzr->d > 6) - goto out; - tz += consumed; - } - else if (*tz == '\0') + /* Get the standard timezone name. */ + if (parse_tzname (&tz, 0) && parse_offset (&tz, 0)) + { + /* Get the DST timezone name (if any). */ + if (*tz != '\0') { - /* Daylight time rules in the U.S. are defined in the - U.S. Code, Title 15, Chapter 6, Subchapter IX - Standard - Time. These dates were established by Congress in the - Energy Policy Act of 2005 [Pub. L. no. 109-58, 119 Stat 594 - (2005)]. - Below is the equivalent of "M3.2.0,M11.1.0" [/2 not needed - since 2:00AM is the default]. */ - tzr->type = M; - if (tzr == &tz_rules[0]) + if (parse_tzname (&tz, 1)) { - tzr->m = 3; - tzr->n = 2; - tzr->d = 0; - } - else - { - tzr->m = 11; - tzr->n = 1; - tzr->d = 0; + parse_offset (&tz, 1); + if (*tz == '\0' || (tz[0] == ',' && tz[1] == '\0')) + { + /* There is no rule. See if there is a default rule + file. */ + __tzfile_default (tz_rules[0].name, tz_rules[1].name, + tz_rules[0].offset, tz_rules[1].offset); + if (__use_tzfile) + { + free (old_tz); + old_tz = NULL; + return; + } + } } + /* Figure out the standard <-> DST rules. */ + if (parse_rule (&tz, 0)) + parse_rule (&tz, 1); } else - goto out; - - if (*tz != '\0' && *tz != '/' && *tz != ',') - goto out; - else if (*tz == '/') { - /* Get the time of day of the change. 
*/ - int negative; - ++tz; - if (*tz == '\0') - goto out; - negative = *tz == '-'; - tz += negative; - consumed = 0; - switch (sscanf (tz, "%hu%n:%hu%n:%hu%n", - &hh, &consumed, &mm, &consumed, &ss, &consumed)) - { - default: - hh = 2; /* Default to 2:00 AM. */ - case 1: - mm = 0; - case 2: - ss = 0; - case 3: - break; - } - tz += consumed; - tzr->secs = (negative ? -1 : 1) * ((hh * 60 * 60) + (mm * 60) + ss); + /* There is no DST. */ + tz_rules[1].name = tz_rules[0].name; + tz_rules[1].offset = tz_rules[0].offset; } - else - /* Default to 2:00 AM. */ - tzr->secs = 2 * 60 * 60; - - tzr->computed_for = -1; } - out: update_vars (); } -- cgit v1.1
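Review bot: In parse_rule's `/time` branch the sscanf return value is discarded and hh, mm and ss go into `tzr->secs` unchecked (behaviour carried over from the removed code), while parse_offset clamps the same three fields through compute_offset. A constructed suffix such as `/99999:99:99` is therefore accepted, and because the hour exceeds what `%hu` can hold, the stored value depends on how the conversion truncates. Since TZ usually arrives from the environment, I would reject out-of-range fields the way the `M` branch already does for m, n and d, e.g. `if (mm > 59 || ss > 59) return false;` plus an hour bound matching whatever extension range the project accepts. The doubled `;;` after that sscanf call and the brace-less `else ... if (whichrule == 0)` chain in parse_offset are worth tidying in the same pass.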