From: mestre <mestre@openbsd.org>
Date: Mon, 20 Aug 2018 06:24:50 +0000 (+0000)
Subject: Since we can feed localtime(3) with garbage input, or with input it cannot
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=134d3d083422ac96be09f0670aae75c760003582;p=openbsd

Since we can feed localtime(3) with garbage input, or with input it cannot
interpret, we always need to check its return value, and in the case it's NULL
then error and exit before proceeding further otherwise in this specific
program we would find a null dereference down the road which would make the
program segfault.

OK cheloha@
---

diff --git a/usr.sbin/ac/ac.c b/usr.sbin/ac/ac.c
index 97d0f82034e..f0005cea8a9 100644
--- a/usr.sbin/ac/ac.c
+++ b/usr.sbin/ac/ac.c
@@ -410,6 +410,8 @@ ac(FILE	*fp)
 		prev = usr.ut_time;
 		if (Flags & AC_D) {
 			ltm = localtime(&usr.ut_time);
+			if (ltm == NULL)
+				err(1, "localtime");
 			if (day >= 0 && day != ltm->tm_yday) {
 				day = ltm->tm_yday;
 				/*
@@ -461,6 +463,8 @@ ac(FILE	*fp)
 
 	if (Flags & AC_D) {
 		ltm = localtime(&usr.ut_time);
+		if (ltm == NULL)
+			err(1, "localtime");
 		if (day >= 0 && day != ltm->tm_yday) {
 			/*
 			 * print yesterday's total