From 73fe6daa500a9a42075e60ad1f2083099184ce22 Mon Sep 17 00:00:00 2001 From: florian Date: Sun, 28 Apr 2024 16:42:53 +0000 Subject: [PATCH] gmtime(3) / locatime(3) can fail when timestamps are way off. Add missing error checks to all calls under libexec/ Input & OK millert --- libexec/ftpd/ftpcmd.y | 7 +++++- libexec/getty/main.c | 12 ++++++---- libexec/snmpd/snmpd_metrics/mib.c | 38 ++++++++++++++++--------------- libexec/talkd/announce.c | 13 +++++++---- 4 files changed, 42 insertions(+), 28 deletions(-) diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y index e85d7ccb72f..e5d80528a65 100644 --- a/libexec/ftpd/ftpcmd.y +++ b/libexec/ftpd/ftpcmd.y @@ -1,4 +1,4 @@ -/* $OpenBSD: ftpcmd.y,v 1.74 2023/03/08 04:43:05 guenther Exp $ */ +/* $OpenBSD: ftpcmd.y,v 1.75 2024/04/28 16:42:53 florian Exp $ */ /* $NetBSD: ftpcmd.y,v 1.7 1996/04/08 19:03:11 jtc Exp $ */ /* @@ -613,6 +613,11 @@ cmd } else { struct tm *t; t = gmtime(&stbuf.st_mtime); + if (t == NULL) { + /* invalid time, use epoch */ + stbuf.st_mtime = 0; + t = gmtime(&stbuf.st_mtime); + } reply(213, "%04d%02d%02d%02d%02d%02d", 1900 + t->tm_year, diff --git a/libexec/getty/main.c b/libexec/getty/main.c index 3ac0939d8c8..dac5ad3449b 100644 --- a/libexec/getty/main.c +++ b/libexec/getty/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.54 2019/06/28 13:32:53 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.55 2024/04/28 16:42:53 florian Exp $ */ /*- * Copyright (c) 1980, 1993 @@ -562,10 +562,12 @@ putf(char *cp) break; case 'd': { - (void)time(&t); - (void)strftime(db, sizeof(db), - "%l:%M%p on %A, %d %B %Y", localtime(&t)); - xputs(db); + struct tm *tm; + time(&t); + if ((tm = localtime(&t)) != NULL) + if (strftime(db, sizeof(db), + "%l:%M%p on %A, %d %B %Y", tm) != 0) + xputs(db); break; } diff --git a/libexec/snmpd/snmpd_metrics/mib.c b/libexec/snmpd/snmpd_metrics/mib.c index a3b80ddf9ac..2cda1dd0e4e 100644 --- a/libexec/snmpd/snmpd_metrics/mib.c +++ b/libexec/snmpd/snmpd_metrics/mib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mib.c,v 1.7 2023/11/21 08:49:08 martijn Exp $ */ +/* $OpenBSD: mib.c,v 1.8 2024/04/28 16:42:53 florian Exp $ */ /* * Copyright (c) 2022 Martijn van Duren @@ -296,27 +296,29 @@ mib_hrsystemdate(struct agentx_varbind *vb) int tzoffset; unsigned short year; + memset(s, 0, sizeof(s)); (void)time(&now); ptm = localtime(&now); - year = htons(ptm->tm_year + 1900); - memcpy(s, &year, 2); - s[2] = ptm->tm_mon + 1; - s[3] = ptm->tm_mday; - s[4] = ptm->tm_hour; - s[5] = ptm->tm_min; - s[6] = ptm->tm_sec; - s[7] = 0; - - tzoffset = ptm->tm_gmtoff; - if (tzoffset < 0) - s[8] = '-'; - else - s[8] = '+'; - - s[9] = abs(tzoffset) / 3600; - s[10] = (abs(tzoffset) - (s[9] * 3600)) / 60; + if (ptm != NULL) { + year = htons(ptm->tm_year + 1900); + memcpy(s, &year, 2); + s[2] = ptm->tm_mon + 1; + s[3] = ptm->tm_mday; + s[4] = ptm->tm_hour; + s[5] = ptm->tm_min; + s[6] = ptm->tm_sec; + s[7] = 0; + + tzoffset = ptm->tm_gmtoff; + if (tzoffset < 0) + s[8] = '-'; + else + s[8] = '+'; + s[9] = abs(tzoffset) / 3600; + s[10] = (abs(tzoffset) - (s[9] * 3600)) / 60; + } agentx_varbind_nstring(vb, s, sizeof(s)); } diff --git a/libexec/talkd/announce.c b/libexec/talkd/announce.c index 00bdd0b8c96..10e1b7e7c6d 100644 --- a/libexec/talkd/announce.c +++ b/libexec/talkd/announce.c @@ -1,4 +1,4 @@ -/* $OpenBSD: announce.c,v 1.25 2019/06/28 13:32:53 deraadt Exp $ */ +/* $OpenBSD: announce.c,v 1.26 2024/04/28 16:42:53 florian Exp $ */ /* * Copyright (c) 1983 Regents of the University of California. @@ -102,9 +102,14 @@ print_mesg(FILE *tf, CTL_MSG *request, char *remote_machine) sizes[i] = strlen(line_buf[i]); max_size = max(max_size, sizes[i]); i++; - (void)snprintf(line_buf[i], N_CHARS, - "Message from Talk_Daemon@%s at %d:%02d ...", - hostname, localclock->tm_hour , localclock->tm_min ); + if (localclock) { + (void)snprintf(line_buf[i], N_CHARS, + "Message from Talk_Daemon@%s at %d:%02d ...", + hostname, localclock->tm_hour , localclock->tm_min ); + } else { + (void)snprintf(line_buf[i], N_CHARS, + "Message from Talk_Daemon@%s ...", hostname); + } sizes[i] = strlen(line_buf[i]); max_size = max(max_size, sizes[i]); i++; -- 2.20.1