From: Pádraig Brady Date: Mon, 9 Feb 2015 15:48:40 +0000 (+0000) Subject: maint: avoid arbitrary memory access with buggy localtime() X-Git-Tag: v8.24~124 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50820f8470a0f3d5c5359df1387b30eddd839ba4;p=thirdparty%2Fcoreutils.git maint: avoid arbitrary memory access with buggy localtime() * src/ls.c (align_nstrftime): Be defensive and validate the tm_mon index before using to access the abmon array. This was _not_ seen to be an issue any system. See https://bugzilla.redhat.com/1190454 --- diff --git a/src/ls.c b/src/ls.c index cb9d3d6a25..4698520745 100644 --- a/src/ls.c +++ b/src/ls.c @@ -3665,7 +3665,8 @@ align_nstrftime (char *buf, size_t size, char const *fmt, struct tm const *tm, the replacement is not done. A malloc here slows ls down by 2% */ char rpl_fmt[sizeof (abmon[0]) + 100]; const char *pb; - if (required_mon_width && (pb = strstr (fmt, "%b"))) + if (required_mon_width && (pb = strstr (fmt, "%b")) + && 0 <= tm->tm_mon && tm->tm_mon <= 11) { if (strlen (fmt) < (sizeof (rpl_fmt) - sizeof (abmon[0]) + 2)) {
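Review bot: The upper bound in the added condition `tm->tm_mon <= 11` is a hard-coded constant that is not tied to the size of `abmon`, so the range check and the array can drift apart if the array is ever resized. Consider deriving the bound from the array itself, for example `tm->tm_mon < (int) (sizeof abmon / sizeof abmon[0])`, keeping the `0 <=` test as it is. It would also help to add a short comment on the condition stating that it guards the `abmon` index against an out-of-range `tm_mon` from a buggy localtime(). The comment visible above the `if` only covers the replacement and the malloc cost, so a later cleanup could drop the check as redundant.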