From: Greg Hudson Date: Sat, 1 Sep 2018 21:30:33 +0000 (-0400) Subject: Check more time function results X-Git-Tag: krb5-1.17-beta1~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F838%2Fhead;p=thirdparty%2Fkrb5.git Check more time function results In logger.c:klog_vsyslog(), check the return value of localtime(). In ldap_principal2.c:getstringtime(), check the strftime() result and don't leak strtime on error. --- diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c index eff8a8aa41..68fd82f620 100644 --- a/src/lib/kadm5/logger.c +++ b/src/lib/kadm5/logger.c @@ -638,6 +638,7 @@ klog_vsyslog(int priority, const char *format, va_list arglist) time_t now; #ifdef HAVE_STRFTIME size_t soff; + struct tm *tm; #else char *r; #endif @@ -657,7 +658,10 @@ klog_vsyslog(int priority, const char *format, va_list arglist) /* * Format the date: mon dd hh:mm:ss */ - soff = strftime(outbuf, sizeof(outbuf), "%b %d %H:%M:%S", localtime(&now)); + tm = localtime(&now); + if (tm == NULL) + return(-1); + soff = strftime(outbuf, sizeof(outbuf), "%b %d %H:%M:%S", tm); if (soff > 0) cp += soff; else diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index b7c9212cb2..4dac2420a5 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -1748,13 +1748,15 @@ getstringtime(krb5_timestamp epochtime) char *strtime=NULL; time_t posixtime = ts2tt(epochtime); - strtime = calloc (50, 1); - if (strtime == NULL) - return NULL; - if (gmtime_r(&posixtime, &tme) == NULL) return NULL; - strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme); + strtime = calloc(50, 1); + if (strtime == NULL) + return NULL; + if (strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme) == 0) { + free(strtime); + return NULL; + } return strtime; }