calendarspec: reject strings with spurious spaces and signs

strtoul() parses leading whitespace and an optional sign;
check that the first character is a digit to prevent odd
specifications like "00:  00:  00" and "-00:+00/-1".

diff --git a/src/basic/calendarspec.c b/src/basic/calendarspec.c
index eef4ed52408667a48ca03017ac2955180d2f7d9f..1555230e30ba6f893e28d675ba3e822abff16780 100644 (file)
--- a/src/basic/calendarspec.c
+++ b/src/basic/calendarspec.c
@@ -18,6 +18,7 @@
 ***/
 
 #include <alloca.h>
+#include <ctype.h>
 #include <errno.h>
 #include <stddef.h>
 #include <stdio.h>
@@ -458,6 +459,9 @@ static int parse_component_decimal(const char **p, bool usec, unsigned long *res
         char *ee = NULL;
         int r;
 
+        if (!isdigit(**p))
+                return -EINVAL;
+
         errno = 0;
         value = strtoul(*p, &ee, 10);
         if (errno > 0)

diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c
index 93414c85086066ba67b625f0443fbe2b73abf393..873a4910d27eae18f7f370ee91c311bcb358dd3c 100644 (file)
--- a/src/test/test-calendarspec.c
+++ b/src/test/test-calendarspec.c
@@ -216,6 +216,9 @@ int main(int argc, char* argv[]) {
         assert_se(calendar_spec_from_string("*-*~5/5", &c) < 0);
         assert_se(calendar_spec_from_string("Monday.. 12:00", &c) < 0);
         assert_se(calendar_spec_from_string("Monday..", &c) < 0);
+        assert_se(calendar_spec_from_string("-00:+00/-5", &c) < 0);
+        assert_se(calendar_spec_from_string("00:+00/-5", &c) < 0);
+        assert_se(calendar_spec_from_string("2016- 11- 24 12: 30: 00", &c) < 0);
 
         test_timestamp();
         test_hourly_bug_4031();