aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoland McGrath <roland@hack.frob.com>2012-03-25 11:36:35 -0700
committerRoland McGrath <roland@hack.frob.com>2012-03-25 11:36:35 -0700
commitac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a (patch)
tree533c1564b37b1fe9745867a519e365b3376a5d2b
parent6a9b9c02fa9904ed410ba5a07d61a1119de39b7a (diff)
downloadglibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.tar
glibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.tar.gz
glibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.tar.bz2
glibc-ac4c54f0cce8bb20c100a4c1041f3aa3e7d6cd0a.zip
Fix confstr use of local buffer outside its extent.
-rw-r--r--ChangeLog5
-rw-r--r--posix/confstr.c222
2 files changed, 111 insertions, 116 deletions
diff --git a/ChangeLog b/ChangeLog
index 21ad9ec7c6..8ec88ccedd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-03-25 Roland McGrath <roland@hack.frob.com>
+
+ * posix/confstr.c (confstr): Lift RESTENVS definition to function scope.
+ Reported by Allan McRae <allan@archlinux.org>.
+
2012-03-23 Jeff Law <law@redhat.com>
* nss/getnssent.c (__nss_getent): Fix typo.
diff --git a/posix/confstr.c b/posix/confstr.c
index 3c9566d1cf..ad8fea9b28 100644
--- a/posix/confstr.c
+++ b/posix/confstr.c
@@ -1,5 +1,4 @@
-/* Copyright (C) 1991,1996,1997,2000-2004,2009,2010 Free
- Software Foundation, Inc.
+/* Copyright (C) 1991-2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -34,6 +33,9 @@ confstr (name, buf, len)
{
const char *string = "";
size_t string_len = 1;
+ char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"];
+ char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"];
+ char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"];
switch (name)
{
@@ -53,59 +55,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "POSIX_V7_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _POSIX_V7_ILP32_OFF32
- if (__sysconf (_SC_V7_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_V7_ILP32_OFF32) > 0)
#endif
#if !defined _POSIX_V7_ILP32_OFF32 || _POSIX_V7_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32",
- sizeof "POSIX_V7_ILP32_OFF32" - 1);
- string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFF32",
+ sizeof "POSIX_V7_ILP32_OFF32" - 1);
+ string_len += sizeof "POSIX_V7_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _POSIX_V7_ILP32_OFFBIG
- if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_V7_ILP32_OFFBIG) > 0)
#endif
#if !defined _POSIX_V7_ILP32_OFFBIG || _POSIX_V7_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG",
- sizeof "POSIX_V7_ILP32_OFFBIG" - 1);
- string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_ILP32_OFFBIG",
+ sizeof "POSIX_V7_ILP32_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V7_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _POSIX_V7_LP64_OFF64
- if (__sysconf (_SC_V7_LP64_OFF64) > 0)
+ if (__sysconf (_SC_V7_LP64_OFF64) > 0)
#endif
#if !defined _POSIX_V7_LP64_OFF64 || _POSIX_V7_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64",
- sizeof "POSIX_V7_LP64_OFF64" - 1);
- string_len += sizeof "POSIX_V7_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_LP64_OFF64",
+ sizeof "POSIX_V7_LP64_OFF64" - 1);
+ string_len += sizeof "POSIX_V7_LP64_OFF64" - 1;
+ }
#endif
#ifndef _POSIX_V7_LPBIG_OFFBIG
- if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_V7_LPBIG_OFFBIG) > 0)
#endif
#if !defined _POSIX_V7_LPBIG_OFFBIG || _POSIX_V7_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG",
- sizeof "POSIX_V7_LPBIG_OFFBIG" - 1);
- string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V7_LPBIG_OFFBIG",
+ sizeof "POSIX_V7_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V7_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_V6_WIDTH_RESTRICTED_ENVS:
@@ -116,59 +114,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "POSIX_V6_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _POSIX_V6_ILP32_OFF32
- if (__sysconf (_SC_V6_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_V6_ILP32_OFF32) > 0)
#endif
#if !defined _POSIX_V6_ILP32_OFF32 || _POSIX_V6_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
- sizeof "POSIX_V6_ILP32_OFF32" - 1);
- string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFF32",
+ sizeof "POSIX_V6_ILP32_OFF32" - 1);
+ string_len += sizeof "POSIX_V6_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _POSIX_V6_ILP32_OFFBIG
- if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_V6_ILP32_OFFBIG) > 0)
#endif
#if !defined _POSIX_V6_ILP32_OFFBIG || _POSIX_V6_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
- sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
- string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_ILP32_OFFBIG",
+ sizeof "POSIX_V6_ILP32_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V6_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _POSIX_V6_LP64_OFF64
- if (__sysconf (_SC_V6_LP64_OFF64) > 0)
+ if (__sysconf (_SC_V6_LP64_OFF64) > 0)
#endif
#if !defined _POSIX_V6_LP64_OFF64 || _POSIX_V6_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
- sizeof "POSIX_V6_LP64_OFF64" - 1);
- string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_LP64_OFF64",
+ sizeof "POSIX_V6_LP64_OFF64" - 1);
+ string_len += sizeof "POSIX_V6_LP64_OFF64" - 1;
+ }
#endif
#ifndef _POSIX_V6_LPBIG_OFFBIG
- if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_V6_LPBIG_OFFBIG) > 0)
#endif
#if !defined _POSIX_V6_LPBIG_OFFBIG || _POSIX_V6_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
- sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
- string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "POSIX_V6_LPBIG_OFFBIG",
+ sizeof "POSIX_V6_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "POSIX_V6_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_V5_WIDTH_RESTRICTED_ENVS:
@@ -179,59 +173,55 @@ confstr (name, buf, len)
wint_t types are no greater than the width of type long.
Currently this means all environment which the system allows. */
- {
- char restenvs[4 * sizeof "XBS5_LPBIG_OFFBIG"];
-
- string_len = 0;
+ string_len = 0;
#ifndef _XBS5_ILP32_OFF32
- if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0)
+ if (__sysconf (_SC_XBS5_ILP32_OFF32) > 0)
#endif
#if !defined _XBS5_ILP32_OFF32 || _XBS5_ILP32_OFF32 > 0
- {
- memcpy (restenvs + string_len, "XBS5_ILP32_OFF32",
- sizeof "XBS5_ILP32_OFF32" - 1);
- string_len += sizeof "XBS5_ILP32_OFF32" - 1;
- }
+ {
+ memcpy (restenvs + string_len, "XBS5_ILP32_OFF32",
+ sizeof "XBS5_ILP32_OFF32" - 1);
+ string_len += sizeof "XBS5_ILP32_OFF32" - 1;
+ }
#endif
#ifndef _XBS5_ILP32_OFFBIG
- if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0)
+ if (__sysconf (_SC_XBS5_ILP32_OFFBIG) > 0)
#endif
#if !defined _XBS5_ILP32_OFFBIG || _XBS5_ILP32_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG",
- sizeof "XBS5_ILP32_OFFBIG" - 1);
- string_len += sizeof "XBS5_ILP32_OFFBIG" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_ILP32_OFFBIG",
+ sizeof "XBS5_ILP32_OFFBIG" - 1);
+ string_len += sizeof "XBS5_ILP32_OFFBIG" - 1;
+ }
#endif
#ifndef _XBS5_LP64_OFF64
- if (__sysconf (_SC_XBS5_LP64_OFF64) > 0)
+ if (__sysconf (_SC_XBS5_LP64_OFF64) > 0)
#endif
#if !defined _XBS5_LP64_OFF64 || _XBS5_LP64_OFF64 > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_LP64_OFF64",
- sizeof "XBS5_LP64_OFF64" - 1);
- string_len += sizeof "XBS5_LP64_OFF64" - 1;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_LP64_OFF64",
+ sizeof "XBS5_LP64_OFF64" - 1);
+ string_len += sizeof "XBS5_LP64_OFF64" - 1;
+ }
#endif
#ifndef _XBS5_LPBIG_OFFBIG
- if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0)
+ if (__sysconf (_SC_XBS5_LPBIG_OFFBIG) > 0)
#endif
#if !defined _XBS5_LPBIG_OFFBIG || _XBS5_LPBIG_OFFBIG > 0
- {
- if (string_len)
- restenvs[string_len++] = '\n';
- memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG",
- sizeof "XBS5_LPBIG_OFFBIG" - 1);
- string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1;
- }
-#endif
- restenvs[string_len++] = '\0';
- string = restenvs;
- }
+ {
+ if (string_len)
+ restenvs[string_len++] = '\n';
+ memcpy (restenvs + string_len, "XBS5_LPBIG_OFFBIG",
+ sizeof "XBS5_LPBIG_OFFBIG" - 1);
+ string_len += sizeof "XBS5_LPBIG_OFFBIG" - 1;
+ }
+#endif
+ restenvs[string_len++] = '\0';
+ string = restenvs;
break;
case _CS_XBS5_ILP32_OFF32_CFLAGS: