printing: avoid crash in LPRng_time
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Wed, 5 May 2021 14:55:47 +0000 (14:55 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 5 Jul 2021 05:07:13 +0000 (05:07 +0000)
If the string is too short we don't want to atoi() whatever is beyond
the end of it.

Found using Honggfuzz and the fuzz_parse_lpq_entry fuzzer.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  5 05:07:13 UTC 2021 on sn-devel-184

source3/printing/lpq_parse.c

index f016707c08835b6bb19d1429165b72915937f0cc..335bc7f4e75b8c599bd67f512f5c403836cfbf97 100644 (file)
@@ -223,10 +223,16 @@ static time_t LPRng_time(char *time_string)
        }
 
        if ( atoi(time_string) < 24 ){
+               if (strlen(time_string) < 7) {
+                       return (time_t)-1;
+               }
                t->tm_hour = atoi(time_string);
                t->tm_min = atoi(time_string+3);
                t->tm_sec = atoi(time_string+6);
        } else {
+               if (strlen(time_string) < 18) {
+                       return (time_t)-1;
+               }
                t->tm_year = atoi(time_string)-1900;
                t->tm_mon = atoi(time_string+5)-1;
                t->tm_mday = atoi(time_string+8);
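Review bot: The two added strlen() checks stop the read past the terminator, but the field contents are still unvalidated. atoi() reports no errors and its behaviour is undefined when the value does not fit in an int, and that already applies to the `atoi(time_string) < 24` test that picks the branch. A string that is long enough but has non-digits or misplaced separators therefore still fills `struct tm` with arbitrary values. Since this text comes from the print spooler's queue output, it would be safer to parse each form in one step and check the conversion count; assuming the short form is HH:MM:SS, that could be `if (sscanf(time_string, "%2d:%2d:%2d", &t->tm_hour, &t->tm_min, &t->tm_sec) != 3) return (time_t)-1;`. The bounds 7 and 18 also deserve a comment tying them to the highest offset read, such as `/* highest offset read below is +6 */`; the reads that justify 18 appear to lie after this hunk, and LPRng_time starts and ends outside it.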