Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/lib/libutil Check the year field of a tentative ISO-8601 dat...



details:   https://anonhg.NetBSD.org/src/rev/15ec828e4b15
branches:  trunk
changeset: 977267:15ec828e4b15
user:      kre <kre%NetBSD.org@localhost>
date:      Mon Oct 19 17:47:45 2020 +0000

description:
Check the year field of a tentative ISO-8601 date format for overflow
before committing to it being an 8601 format date, rather than after
(or the fall back grammar parser doesn't start with a clean slate).

This isn't likely to ever bother anyone, the chances of encountering
something that looks just like an 8601 format date, but with a year
field so large it overflows a long are kind of slim.   If it did happen
the chances that the string could be correctly parsed (into something
different) by the grammar are even slimmer. But better to do it properly.

diffstat:

 lib/libutil/parsedate.y |  13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diffs (44 lines):

diff -r a04575042574 -r 15ec828e4b15 lib/libutil/parsedate.y
--- a/lib/libutil/parsedate.y   Mon Oct 19 17:47:37 2020 +0000
+++ b/lib/libutil/parsedate.y   Mon Oct 19 17:47:45 2020 +0000
@@ -14,7 +14,7 @@
 
 #include <sys/cdefs.h>
 #ifdef __RCSID
-__RCSID("$NetBSD: parsedate.y,v 1.34 2020/10/19 15:08:17 kre Exp $");
+__RCSID("$NetBSD: parsedate.y,v 1.35 2020/10/19 17:47:45 kre Exp $");
 #endif
 
 #include <stdio.h>
@@ -1081,6 +1081,7 @@
        const unsigned char *pp = (const unsigned char *)p;
        char *ep;       /* starts as "expected, becomes "end ptr" */
        static char format[] = "-dd-ddTdd:dd:dd";
+       time_t yr;
 
        while (isdigit(*pp))
                pp++;
@@ -1121,6 +1122,11 @@
        if (*pp != '\0' && !isspace(*pp))
                break;
 
+       errno = 0;
+       yr = (time_t)strtol(p, &ep, 10);
+       if (errno != 0)                 /* out of range (can be big number) */
+               break;                  /* the ones below are all 2 digits */
+
        /*
         * This is good enough to commit to there being an ISO format
         * timestamp leading the input string.   We permit standard
@@ -1135,10 +1141,7 @@
                param.yyHaveZone = 1;
        }
 
-       errno = 0;
-       param.yyYear = (time_t)strtol(p, &ep, 10);
-       if (errno != 0)                 /* out of range (can be big number) */
-               break;                  /* the ones below are all 2 digits */
+       param.yyYear = yr;
        param.yyMonth = (time_t)strtol(ep + 1, &ep, 10);
        param.yyDay = (time_t)strtol(ep + 1, &ep, 10);
        param.yyHour = (time_t)strtol(ep + 1, &ep, 10);



Home | Main Index | Thread Index | Old Index