chiark / gitweb /
shared: time-dst: Avoid buffer overflow
authorMartin Pitt <martin.pitt@ubuntu.com>
Mon, 15 Dec 2014 12:06:48 +0000 (13:06 +0100)
committerDavid Herrmann <dh.herrmann@gmail.com>
Mon, 15 Dec 2014 12:50:11 +0000 (13:50 +0100)
Commit 681f9718 introduced an additional null terminator for the zone names.
Increase the allocation of "transitions" to actually make room for this.

src/shared/time-dst.c

index 926d22b..1ce6f72 100644 (file)
@@ -183,7 +183,8 @@ read_again:
                         return -EINVAL;
         }
 
-        transitions = malloc0(total_size + tzspec_len);
+        /* leave space for additional zone_names zero terminator */
+        transitions = malloc0(total_size + tzspec_len + 1);
         if (transitions == NULL)
                 return -EINVAL;