svn commit: samba r19602 - in branches: SAMBA_3_0_23/source/lib SAMBA_3_0_24/source/lib

Stefan (metze) Metzmacher metze at samba.org
Tue Nov 7 09:40:29 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jra at samba.org schrieb:
> Author: jra
> Date: 2006-11-07 02:35:58 +0000 (Tue, 07 Nov 2006)
> New Revision: 19602
> 
> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19602
> 
> Log:
> Fix protection from invalid struct tm values.
> Backport from Samba4.
> Jeremy.
> 
> Modified:
>    branches/SAMBA_3_0_23/source/lib/timegm.c
>    branches/SAMBA_3_0_24/source/lib/timegm.c
> 
> 
> Changeset:
> Modified: branches/SAMBA_3_0_23/source/lib/timegm.c
> ===================================================================
> --- branches/SAMBA_3_0_23/source/lib/timegm.c	2006-11-07 02:33:10 UTC (rev 19601)
> +++ branches/SAMBA_3_0_23/source/lib/timegm.c	2006-11-07 02:35:58 UTC (rev 19602)
> @@ -53,6 +53,16 @@
>  	time_t res = 0;
>  	unsigned i;
>  	
> +	if (tm->tm_mon > 12 ||
> +	    tm->tm_mon < 0 ||
> +	    tm->tm_mday > 31 ||
> +	    tm->tm_min > 60 ||
> +	    tm->tm_sec > 60 ||
> +	    tm->tm_hour > 24) {
> +		/* invalid tm structure */
> +		return 0;
> +	}
> +
>  	for (i = 70; i < tm->tm_year; ++i)
>  		res += is_leap(i) ? 366 : 365;
>  	
> 
> Modified: branches/SAMBA_3_0_24/source/lib/timegm.c
> ===================================================================
> --- branches/SAMBA_3_0_24/source/lib/timegm.c	2006-11-07 02:33:10 UTC (rev 19601)
> +++ branches/SAMBA_3_0_24/source/lib/timegm.c	2006-11-07 02:35:58 UTC (rev 19602)
> @@ -53,6 +53,16 @@
>  	time_t res = 0;
>  	unsigned i;
>  	
> +	if (tm->tm_mon > 12 ||
> +	    tm->tm_mon < 0 ||
> +	    tm->tm_mday > 31 ||
> +	    tm->tm_min > 60 ||
> +	    tm->tm_sec > 60 ||
> +	    tm->tm_hour > 24) {
> +		/* invalid tm structure */
> +		return 0;
> +	}
> +

I assume this has bugs, as tm->tm_mon == 12 is valid and the array which
uses it as index has only 12 members...

tridge: had you gave me a reason, why you used > 12 in the samba4 commit?

metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFFUFSNm70gjA5TCD8RAhxAAKCDY4q5zhzPxnoOeQKr9yewVH4MxACgkIOC
QTsl16bOuJstwRyw8HsXqoo=
=+TnG
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list