samba-technical@lists.samba.org
[Top] [All Lists]
<prev [Date] next>
<prev [Thread] next>

Re: svn commit: samba r19602 - in branches: SAMBA_3_0_23/source/lib SAMB

from [Stefan (metze) Metzmacher]
Subject: Re: svn commit: samba r19602 - in branches: SAMBA_3_0_23/source/lib SAMBA_3_0_24/source/lib
From: "Stefan (metze) Metzmacher"
Date: Tue, 07 Nov 2006 10:40:29 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jra@xxxxxxxxx schrieb:
> Author: jra
> Date: 2006-11-07 02:35:58 +0000 (Tue, 07 Nov 2006)
> New Revision: 19602
> 
> WebSVN: 
> http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19602
> 
> Log:
> Fix protection from invalid struct tm values.
> Backport from Samba4.
> Jeremy.
> 
> Modified:
>    branches/SAMBA_3_0_23/source/lib/timegm.c
>    branches/SAMBA_3_0_24/source/lib/timegm.c
> 
> 
> Changeset:
> Modified: branches/SAMBA_3_0_23/source/lib/timegm.c
> ===================================================================
> --- branches/SAMBA_3_0_23/source/lib/timegm.c 2006-11-07 02:33:10 UTC (rev 
> 19601)
> +++ branches/SAMBA_3_0_23/source/lib/timegm.c 2006-11-07 02:35:58 UTC (rev 
> 19602)
> @@ -53,6 +53,16 @@
>       time_t res = 0;
>       unsigned i;
>       
> +     if (tm->tm_mon > 12 ||
> +         tm->tm_mon < 0 ||
> +         tm->tm_mday > 31 ||
> +         tm->tm_min > 60 ||
> +         tm->tm_sec > 60 ||
> +         tm->tm_hour > 24) {
> +             /* invalid tm structure */
> +             return 0;
> +     }
> +
>       for (i = 70; i < tm->tm_year; ++i)
>               res += is_leap(i) ? 366 : 365;
>       
> 
> Modified: branches/SAMBA_3_0_24/source/lib/timegm.c
> ===================================================================
> --- branches/SAMBA_3_0_24/source/lib/timegm.c 2006-11-07 02:33:10 UTC (rev 
> 19601)
> +++ branches/SAMBA_3_0_24/source/lib/timegm.c 2006-11-07 02:35:58 UTC (rev 
> 19602)
> @@ -53,6 +53,16 @@
>       time_t res = 0;
>       unsigned i;
>       
> +     if (tm->tm_mon > 12 ||
> +         tm->tm_mon < 0 ||
> +         tm->tm_mday > 31 ||
> +         tm->tm_min > 60 ||
> +         tm->tm_sec > 60 ||
> +         tm->tm_hour > 24) {
> +             /* invalid tm structure */
> +             return 0;
> +     }
> +

I assume this has bugs, as tm->tm_mon == 12 is valid and the array which
uses it as index has only 12 members...

tridge: had you gave me a reason, why you used > 12 in the samba4 commit?

metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFFUFSNm70gjA5TCD8RAhxAAKCDY4q5zhzPxnoOeQKr9yewVH4MxACgkIOC
QTsl16bOuJstwRyw8HsXqoo=
=+TnG
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Heimdal Merge to Samba4, Andrew Bartlett
Next by Date:  Re: svn commit: lorikeet r653 - in trunk/heimdal/lib/gssapi/krb5: ., Stefan (metze) Metzmacher
Previous by Thread:  Heimdal Merge to Samba4, Andrew Bartlett
Next by Thread:  Re: svn commit: samba r19602 - in branches: SAMBA_3_0_23/source/lib SAMBA_3_0_24/source/lib, tridge
Indexes:  [Date] [Thread] [Top] [All Lists]