infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-03-04 21:20:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

8165936: Potential Heap buffer overflow when seaching timezone info files

Browse Source 
Readdir_r called with too small buffer

Reviewed-by: clanger, rriggs, okutsu, naoto
This commit is contained in:
Thomas Stuefe 2016-09-13 11:38:31 +02:00
parent a210d98c0c
commit e99208ee7d
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
jdk/src/java.base/unix/native/libjava/TimeZone_md.c
View File

@ -128,13 +128,26 @@ findZoneinfoFile(char *buf, size_t size, const char *dir)
char *dbuf = NULL;
char *tz = NULL;
int res;
long name_max = 0;
dirp = opendir(dir);
if (dirp == NULL) {
return NULL;
}
entry = (struct dirent64 *) malloc((size_t) pathconf(dir, _PC_NAME_MAX));
name_max = pathconf(dir, _PC_NAME_MAX);
// If pathconf did not work, fall back to NAME_MAX.
if (name_max < 0) {
name_max = NAME_MAX;
}
// Some older System V systems have a very small NAME_MAX size of 14; as
// there is no way to tell readdir_r the output buffer size, lets enforce
// a mimimum buffer size.
if (name_max < 1024) {
name_max = 1024;
}
entry = (struct dirent64 *)malloc(offsetof(struct dirent64, d_name) + name_max + 1);
if (entry == NULL) {
(void) closedir(dirp);
return NULL;