From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu, 24 Aug 2017 09:12:14 +0000 (+0200)
Subject: util: check for gmtime() error
X-Git-Tag: 3.2-pre2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f40b0024bd43b24d4d3a97ba28def9b4fdfc336e;p=thirdparty%2Fchrony.git

util: check for gmtime() error

Fix the UTI_TimeToLogForm() function to check if gmtime() didn't fail.
This caused chronyc to crash due to dereferencing a NULL pointer when
a response to the "manual list" request contained time which gmtime()
could not convert to broken-down representation.

This issue was found in an audit performed by Cure53 and sponsored by
Mozilla.
---

diff --git a/util.c b/util.c
index be47f1c4..b562fedf 100644
--- a/util.c
+++ b/util.c
@@ -610,13 +610,17 @@ UTI_SockaddrFamilyToString(int family)
 char *
 UTI_TimeToLogForm(time_t t)
 {
-  struct tm stm;
+  struct tm *stm;
   char *result;
 
   result = NEXT_BUFFER;
 
-  stm = *gmtime(&t);
-  strftime(result, BUFFER_LENGTH, "%Y-%m-%d %H:%M:%S", &stm);
+  stm = gmtime(&t);
+
+  if (stm)
+    strftime(result, BUFFER_LENGTH, "%Y-%m-%d %H:%M:%S", stm);
+  else
+    snprintf(result, BUFFER_LENGTH, "INVALID    INVALID ");
 
   return result;
 }