Fix the UTI_TimeToLogForm() function to check if gmtime() didn't fail.
This caused chronyc to crash due to dereferencing a NULL pointer when
a response to the "manual list" request contained time which gmtime()
could not convert to broken-down representation.
This issue was found in an audit performed by Cure53 and sponsored by
Mozilla.
char *
UTI_TimeToLogForm(time_t t)
{
- struct tm stm;
+ struct tm *stm;
char *result;
result = NEXT_BUFFER;
- stm = *gmtime(&t);
- strftime(result, BUFFER_LENGTH, "%Y-%m-%d %H:%M:%S", &stm);
+ stm = gmtime(&t);
+
+ if (stm)
+ strftime(result, BUFFER_LENGTH, "%Y-%m-%d %H:%M:%S", stm);
+ else
+ snprintf(result, BUFFER_LENGTH, "INVALID INVALID ");
return result;
}
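Review bot: in the `if (stm)` branch the return value of strftime() is still ignored. If the formatted string does not fit in BUFFER_LENGTH, strftime() returns 0 and the contents of `result` are unspecified. That can happen for a time_t that gmtime() converts successfully but whose year needs more than four digits. Consider using the same snprintf() fallback when strftime() returns 0, so the function always returns a defined, terminated string. The fallback literal "INVALID INVALID " also deserves a one-line comment saying why it has two words and a trailing space (it appears to mirror the date and time fields of the normal format), since its length is otherwise unexplained to anyone reading or parsing this output.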