[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] ls: avoid arbitrary memory access with buggy localtime()
From: |
Pádraig Brady |
Subject: |
[PATCH] ls: avoid arbitrary memory access with buggy localtime() |
Date: |
Mon, 9 Feb 2015 16:31:58 +0000 |
* src/ls.c (align_nstrftime): Be defensive and validate the tm_mon
index before using to access the abmon array.
See https://bugzilla.redhat.com/1190454
---
src/ls.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/ls.c b/src/ls.c
index cb9d3d6..4698520 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -3665,7 +3665,8 @@ align_nstrftime (char *buf, size_t size, char const *fmt,
struct tm const *tm,
the replacement is not done. A malloc here slows ls down by 2% */
char rpl_fmt[sizeof (abmon[0]) + 100];
const char *pb;
- if (required_mon_width && (pb = strstr (fmt, "%b")))
+ if (required_mon_width && (pb = strstr (fmt, "%b"))
+ && 0 <= tm->tm_mon && tm->tm_mon <= 11)
{
if (strlen (fmt) < (sizeof (rpl_fmt) - sizeof (abmon[0]) + 2))
{
--
2.1.0
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] ls: avoid arbitrary memory access with buggy localtime(),
Pádraig Brady <=