From 8e452abae67db445fb6c3e37cd566c4788c2e8f3 Mon Sep 17 00:00:00 2001 From: Samuel Holland Date: Sat, 22 Feb 2020 16:01:12 -0600 Subject: [PATCH] avoid out-of-bounds read for invalid quoted timezone Parsing the timezone name must stop when reaching the null terminator. In that case, there is no '>' to skip. --- src/time/__tz.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/time/__tz.c b/src/time/__tz.c index 185642e8..a962960e 100644 --- a/src/time/__tz.c +++ b/src/time/__tz.c @@ -86,9 +86,9 @@ static void getname(char *d, const char **p) int i; if (**p == '<') { ++*p; - for (i=0; (*p)[i]!='>' && i