< prev index next >
src/java.base/unix/native/libjava/TimeZone_md.c
Print this page
rev 15588 : 8165936: Potential Heap buffer overflow when seaching timezone info files
Summary: readdir_r called with too small buffer
Reviewed-by:
*** 132,142 ****
dirp = opendir(dir);
if (dirp == NULL) {
return NULL;
}
! entry = (struct dirent64 *) malloc((size_t) pathconf(dir, _PC_NAME_MAX));
if (entry == NULL) {
(void) closedir(dirp);
return NULL;
}
--- 132,155 ----
dirp = opendir(dir);
if (dirp == NULL) {
return NULL;
}
! long name_max = pathconf(dir, _PC_NAME_MAX);
! // If pathconf did not work, fall back to NAME_MAX.
! if (name_max < 0) {
! name_max = NAME_MAX;
! }
! // Some older System V systems have a very small NAME_MAX size of 14; as
! // there is no way to tell readdir_r the output buffer size, lets enforce
! // a mimimum buffer size.
! const long min = 1024;
! if (name_max < min) {
! name_max = min;
! }
!
! entry = (struct dirent64 *) malloc(offsetof(struct dirent, d_name) + name_max + 1);
if (entry == NULL) {
(void) closedir(dirp);
return NULL;
}
< prev index next >