From: Douglas Christman <DouglasChristman@gmail.com>
Date: Thu, 24 Nov 2016 17:47:55 +0000 (-0500)
Subject: calendarspec: reject strings with spurious spaces and signs
X-Git-Tag: v233~386^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9dfa81a00a9a7d4536f96848119c5ad40d9d72b4;p=thirdparty%2Fsystemd.git

calendarspec: reject strings with spurious spaces and signs

strtoul() parses leading whitespace and an optional sign;
check that the first character is a digit to prevent odd
specifications like "00:  00:  00" and "-00:+00/-1".
---

diff --git a/src/basic/calendarspec.c b/src/basic/calendarspec.c
index eef4ed52408..1555230e30b 100644
--- a/src/basic/calendarspec.c
+++ b/src/basic/calendarspec.c
@@ -18,6 +18,7 @@
 ***/
 
 #include <alloca.h>
+#include <ctype.h>
 #include <errno.h>
 #include <stddef.h>
 #include <stdio.h>
@@ -458,6 +459,9 @@ static int parse_component_decimal(const char **p, bool usec, unsigned long *res
         char *ee = NULL;
         int r;
 
+        if (!isdigit(**p))
+                return -EINVAL;
+
         errno = 0;
         value = strtoul(*p, &ee, 10);
         if (errno > 0)
diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c
index 93414c85086..873a4910d27 100644
--- a/src/test/test-calendarspec.c
+++ b/src/test/test-calendarspec.c
@@ -216,6 +216,9 @@ int main(int argc, char* argv[]) {
         assert_se(calendar_spec_from_string("*-*~5/5", &c) < 0);
         assert_se(calendar_spec_from_string("Monday.. 12:00", &c) < 0);
         assert_se(calendar_spec_from_string("Monday..", &c) < 0);
+        assert_se(calendar_spec_from_string("-00:+00/-5", &c) < 0);
+        assert_se(calendar_spec_from_string("00:+00/-5", &c) < 0);
+        assert_se(calendar_spec_from_string("2016- 11- 24 12: 30: 00", &c) < 0);
 
         test_timestamp();
         test_hourly_bug_4031();