From: shumikhinaka Date: Thu, 11 Jun 2026 14:49:58 +0000 (+0400) Subject: s3:utils: Fix buffer underflow in parse_timeout for empty strings X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;p=thirdparty%2Fsamba.git s3:utils: Fix buffer underflow in parse_timeout for empty strings The parse_timeout function is called with a command-line argument. The user may pass an empty string, which will result in undefined behavior until the result is checked. A check for the string length has been added immediately after the strlen() call. If an empty string is passed, the function returns 0, preventing incorrect access to the array. Pair-Programmed-With: Dmitry Mikhalchenko Signed-off-by: Shumikhina Ksenia Reviewed-by: Anoop C S Reviewed-by: Gary Lockyer Autobuild-User(master): Anoop C S Autobuild-Date(master): Fri Jun 19 13:03:44 UTC 2026 on atb-devel-224 --- diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c index f8fd3872d62..8b43ac506cc 100644 --- a/source3/utils/net_cache.c +++ b/source3/utils/net_cache.c @@ -147,6 +147,11 @@ static time_t parse_timeout(const char* timeout_str) int len, number_begin, number_end; time_t timeout; + len = strlen(timeout_str); + if (len == 0) { + return 0; + } + /* sign detection */ if (timeout_str[0] == '!' || timeout_str[0] == '+') { sign = timeout_str[0]; @@ -156,7 +161,6 @@ static time_t parse_timeout(const char* timeout_str) } /* unit detection */ - len = strlen(timeout_str); switch (timeout_str[len - 1]) { case 's': case 'm':
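Review bot: in the first hunk (@@ -147,6 +147,11 @@), the added `len = strlen(timeout_str);` assigns a size_t to the `int len` declared two lines above, and the early `return 0;` hands back a value that is also a representable time_t timeout. Consider declaring `len` as `size_t`, so the `len == 0` test also covers the later `len - 1` index without a narrowing conversion. A comment above the function should state that 0 is what an empty argument returns, so a reader of the call site knows the two cases are not distinguishable from the return value alone.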
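Review bot: in the second hunk (@@ -156,7 +161,6 @@), `switch (timeout_str[len - 1])` no longer has the `strlen()` call next to it and is in bounds only because of the early return added in the first hunk. A one-line comment at the switch noting that `len > 0` is guaranteed here would keep that dependency visible. Note also that for a one-character argument consisting only of `+` or `!`, `len - 1` is 0, so the unit switch inspects the same byte the sign detection just consumed. It is worth confirming, ideally with a test case, that a sign-only argument with no digits is rejected rather than parsed.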