The parse_timeout function is called with a command-line argument. The user
may pass an empty string, which will result in undefined behavior until
the result is checked.
A check for the string length has been added immediately after the strlen()
call. If an empty string is passed, the function returns 0, preventing
incorrect access to the array.
Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org>
Signed-off-by: Shumikhina Ksenia <shumikhinaka@sgu.ru>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Jun 19 13:03:44 UTC 2026 on atb-devel-224
int len, number_begin, number_end;
time_t timeout;
+ len = strlen(timeout_str);
+ if (len == 0) {
+ return 0;
+ }
+
/* sign detection */
if (timeout_str[0] == '!' || timeout_str[0] == '+') {
sign = timeout_str[0];
}
/* unit detection */
- len = strlen(timeout_str);
switch (timeout_str[len - 1]) {
case 's':
case 'm':
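Review bot: The early "return 0;" in the new len == 0 branch leaves callers unable to tell an empty argument from a timeout that parsed as zero, unless 0 is already this function's error value. A one-line comment above the check stating what a return of 0 means here would make the contract explicit. Separately, len is declared int on the first context line while strlen() returns size_t. Declaring it size_t would avoid the narrowing conversion before it is used as the index in timeout_str[len - 1], and the new zero check already guards that subtraction.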