This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new ffed68edb6 Coverity 1508901: Use of 32-bit time_t in access_control
plugin (#10506)
ffed68edb6 is described below
commit ffed68edb690c4819dac10b4305ef61add0bcb2d
Author: Bryan Call <bc...@apache.org>
AuthorDate: Mon Sep 25 14:48:20 2023 -0700
Coverity 1508901: Use of 32-bit time_t in access_control plugin (#10506)
---
plugins/experimental/access_control/access_control.cc | 6 +++---
plugins/experimental/access_control/access_control.h | 6 +++---
plugins/experimental/access_control/common.cc | 15 ++++++++++++++-
plugins/experimental/access_control/common.h | 1 +
4 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/plugins/experimental/access_control/access_control.cc
b/plugins/experimental/access_control/access_control.cc
index 5ed48f7212..5ed93e0ca5 100644
--- a/plugins/experimental/access_control/access_control.cc
+++ b/plugins/experimental/access_control/access_control.cc
@@ -143,7 +143,7 @@ AccessToken::validateTiming(time_t time)
/* Validate and check not before timestamp */
if (!_notBefore.empty()) {
- if (0 == (t = string2int(_notBefore))) {
+ if (0 == (t = string2time(_notBefore))) {
return _state = INVALID_FIELD_VALUE;
} else {
if (time <= t) {
@@ -154,7 +154,7 @@ AccessToken::validateTiming(time_t time)
/* Validate and check expiration timestamp */
if (!_expiration.empty()) {
- if (0 == (t = string2int(_expiration))) {
+ if (0 == (t = string2time(_expiration))) {
return _state = INVALID_FIELD_VALUE;
} else {
if (time > t) {
@@ -164,7 +164,7 @@ AccessToken::validateTiming(time_t time)
}
/* "issued at" time-stamp is currently only for info, so check if the
time-stamp is valid only */
- if (!_issuedAt.empty() && 0 == string2int(_issuedAt)) {
+ if (!_issuedAt.empty() && 0 == string2time(_issuedAt)) {
return _state = INVALID_FIELD_VALUE;
}
diff --git a/plugins/experimental/access_control/access_control.h
b/plugins/experimental/access_control/access_control.h
index 7aefefc5bd..079a201da6 100644
--- a/plugins/experimental/access_control/access_control.h
+++ b/plugins/experimental/access_control/access_control.h
@@ -125,19 +125,19 @@ public:
time_t
getExpiration() const
{
- return string2int(_expiration);
+ return string2time(_expiration);
}
time_t
getNotBefore() const
{
- return string2int(_notBefore);
+ return string2time(_notBefore);
}
time_t
getIssuedAt() const
{
- return string2int(_issuedAt);
+ return string2time(_issuedAt);
}
StringView
diff --git a/plugins/experimental/access_control/common.cc
b/plugins/experimental/access_control/common.cc
index dbbd17c2e6..4f71c1f7e5 100644
--- a/plugins/experimental/access_control/common.cc
+++ b/plugins/experimental/access_control/common.cc
@@ -45,10 +45,23 @@ DbgCtl dbg_ctl{PLUGIN_NAME};
int
string2int(const StringView &s)
+{
+ int t = 0;
+ try {
+ t = std::stoi(String(s));
+ } catch (...) {
+ /* Failed to convert return impossible value */
+ return 0;
+ }
+ return t;
+}
+
+time_t
+string2time(const StringView &s)
{
time_t t = 0;
try {
- t = static_cast<time_t>(std::stoi(String(s)));
+ t = static_cast<time_t>(std::stol(String(s)));
} catch (...) {
/* Failed to convert return impossible value */
return 0;
diff --git a/plugins/experimental/access_control/common.h
b/plugins/experimental/access_control/common.h
index 0b7f922c41..82d92528fb 100644
--- a/plugins/experimental/access_control/common.h
+++ b/plugins/experimental/access_control/common.h
@@ -74,3 +74,4 @@ using namespace access_control_ns;
#endif /* ACCESS_CONTROL_UNIT_TEST */
int string2int(const StringView &s);
+time_t string2time(const StringView &s);
