From: Frederic Marchal <fmarchal@users.sourceforge.net>
Date: Tue, 17 Nov 2015 18:30:45 +0000 (+0100)
Subject: Validate the year extracted from a parsed log file
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb3cc14719b05693d76c461b0b772507068ac875;p=thirdparty%2Fsarg.git

Validate the year extracted from a parsed log file

A parsed log file name contains the date range covering the log content in
a form like sarg-15062015_0100-15062015_0101.log.gz.

The date was insufficiently validated as any date below 1900 produces
an integer overflow.
---

diff --git a/util.c b/util.c
index cdcbf16..3e423b5 100644
--- a/util.c
+++ b/util.c
@@ -988,7 +988,7 @@ int getperiod_fromsarglog(const char *arqtt,struct periodstruct *period)
 		str+=2;
 		year0=0;
 		for (i=0 ; isdigit(str[i]) && i<4 ; i++) year0=year0*10+(str[i]-'0');
-		if (i!=4) continue;
+		if (i!=4 || year0<1900) continue;
 		str+=4;
 		if (str[0]!='_') continue;
 		str++;
@@ -1012,7 +1012,7 @@ int getperiod_fromsarglog(const char *arqtt,struct periodstruct *period)
 		str+=2;
 		year1=0;
 		for (i=0 ; isdigit(str[i]) && i<4 ; i++) year1=year1*10+(str[i]-'0');
-		if (i!=4) continue;
+		if (i!=4 || year1<1900) continue;
 		str+=4;
 
 		if (str[0]!='_') continue;