Check return values of time functions

Where ctime(), localtime(), or localtime_r() is used, check for
failure even if it is unlikely (reported by Bean Zhang).  Constify the
strdate() return type in kdb5_mkey.c and kadmin.c and the
ctime_uint32() return type in kproplog.c.  Use localtime_r()
unconditionally in str_conv.c as there is already a wrapper in that
file for the case where the platform doesn't have it.  Remove an
inoperative localtime() call in ktutil.c.

diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index aee5c83b95461744b0661cefa197b533310f3ea7..a0ba1a5476f1a3ccd6d12e9babe8d2e355fee44b 100644 (file)
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -138,7 +138,7 @@ strdur(time_t duration)
     return out;
 }
 
-static char *
+static const char *
 strdate(krb5_timestamp when)
 {
     struct tm *tm;
@@ -146,7 +146,9 @@ strdate(krb5_timestamp when)
     time_t lcltim = ts2tt(when);
 
     tm = localtime(&lcltim);
-    strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm);
+    if (tm == NULL ||
+        strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm) == 0)
+        strlcpy(out, "(error)", sizeof(out));
     return out;
 }
 

diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 5395a6070cee1ec2675f535699249981c5583546..19796c202f1d1fe3df490019adb4020f7067c51a 100644 (file)
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -40,14 +40,17 @@ extern kadm5_config_params global_params;
 extern krb5_context util_context;
 extern time_t get_date(char *);
 
-static char *strdate(krb5_timestamp when)
+static const char *
+strdate(krb5_timestamp when)
 {
     struct tm *tm;
     static char out[40];
     time_t lcltim = ts2tt(when);
 
     tm = localtime(&lcltim);
-    strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm);
+    if (tm == NULL ||
+        strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm) == 0)
+        strlcpy(out, "(error)", sizeof(out));
     return out;
 }
 

diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c
index 6a8586da82077ed84089ff0b4cc6cd17ce5f3ff1..198cb1317ebd1ee192197857e6f51aa9c38ea4e8 100644 (file)
--- a/src/kadmin/ktutil/ktutil.c
+++ b/src/kadmin/ktutil/ktutil.c
@@ -249,7 +249,6 @@ void ktutil_list(argc, argv)
             time_t tstamp;
 
             tstamp = lp->entry->timestamp;
-            (void) localtime(&tstamp);
             lp->entry->timestamp = tstamp;
             fill = ' ';
             if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry->

diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index 6b258a6a056e4ebb557d46089a2ef221dafaddfb..45e1f81a52503624585a823b98c181f33ed1c40d 100644 (file)
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -95,6 +95,8 @@ check_min_life(void *server_handle, krb5_principal principal,
                 until = princ.last_pwd_change + pol.pw_min_life;
 
                 time_string = ctime(&until);
+                if (time_string == NULL)
+                    time_string = "(error)";
                 errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
 
                 if (strlen(errstr) + strlen(time_string) < msg_len) {

diff --git a/src/lib/kadm5/chpass_util.c b/src/lib/kadm5/chpass_util.c
index 1680a550492285255c8287c39b06476e3e3ad0c2..9a1d62d948824d23a20ba6bcf7e1e635715f0abe 100644 (file)
--- a/src/lib/kadm5/chpass_util.c
+++ b/src/lib/kadm5/chpass_util.c
@@ -217,7 +217,9 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
         until = ts_incr(princ_ent.last_pwd_change, policy_ent.pw_min_life);
 
         time_string = ctime(&until);
-        if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+        if (time_string == NULL)
+            time_string = "(error)";
+        else if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
             *ptr = '\0';
 
         snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),

diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index 2da8f92737610f2d2ce6f840104485b56838c32c..eff8a8aa41fe1286234c074626a666d6963cde9b 100644 (file)
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -638,7 +638,9 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
     time_t      now;
 #ifdef  HAVE_STRFTIME
     size_t      soff;
-#endif  /* HAVE_STRFTIME */
+#else
+    char       *r;
+#endif
 
     /*
      * Format a syslog-esque message of the format:
@@ -667,7 +669,10 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
      *  dow mon dd hh:mm:ss tzs yyyy\n
      *  012345678901234567890123456789
      */
-    strncpy(outbuf, ctime(&now) + 4, 15);
+    r = ctime(&now);
+    if (r == NULL)
+        return(-1);
+    strncpy(outbuf, r + 4, 15);
     cp += 15;
 #endif  /* HAVE_STRFTIME */
 #ifdef VERBOSE_LOGS

diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c
index f0a2ae20bab5d5ea4291d6d3687c4fc26e3696a9..efb3096cebec6b04f5939c73d5d3a489308fef2a 100644 (file)
--- a/src/lib/krb5/krb/str_conv.c
+++ b/src/lib/krb5/krb/str_conv.c
@@ -212,11 +212,8 @@ krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen)
     const char *fmt = "%c"; /* This is to get around gcc -Wall warning that
                                the year returned might be two digits */
 
-#ifdef HAVE_LOCALTIME_R
-    (void) localtime_r(&timestamp2, &tmbuf);
-#else
-    memcpy(&tmbuf, localtime(&timestamp2), sizeof(tmbuf));
-#endif
+    if (localtime_r(&timestamp2, &tmbuf) == NULL)
+        return(ENOMEM);
     ret = strftime(buffer, buflen, fmt, &tmbuf);
     if (ret == 0 || ret == buflen)
         return(ENOMEM);
@@ -246,11 +243,9 @@ krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen
     static const unsigned int sftime_format_table_nents =
         sizeof(sftime_format_table)/sizeof(sftime_format_table[0]);
 
-#ifdef HAVE_LOCALTIME_R
     tmp = localtime_r(&timestamp2, &tmbuf);
-#else
-    memcpy((tmp = &tmbuf), localtime(&timestamp2), sizeof(tmbuf));
-#endif
+    if (tmp == NULL)
+        return errno;
     ndone = 0;
     for (i=0; i<sftime_format_table_nents; i++) {
         if ((ndone = strftime(buffer, buflen, sftime_format_table[i], tmp)))

diff --git a/src/slave/kproplog.c b/src/slave/kproplog.c
index 7e4434e6f868456ba64e2fb61b852e171567d356..232a16ff710261e97a0b1134190c0e28bdb51245 100644 (file)
--- a/src/slave/kproplog.c
+++ b/src/slave/kproplog.c
@@ -71,13 +71,15 @@ print_flags(unsigned int flags)
 }
 
 /* ctime() for uint32_t* */
-static char *
+static const char *
 ctime_uint32(uint32_t *time32)
 {
     time_t tmp;
+    const char *r;
 
     tmp = *time32;
-    return ctime(&tmp);
+    r = ctime(&tmp);
+    return (r == NULL) ? "(error)" : r;
 }
 
 /* Display time information. */