The tm_mon already adjusts by 1, so the allowed range should be 0 - 11. Since mktime(3) is permissive in what it accepts, I think this check is correct.
The second part handles the (theoretically valid but essentially useless) parsing of a configuration file with an ISO 8601 date with leap second. I'm not sure whether mktime(3) discards or keeps valid leap seconds, or if the "restrictedness" of the implementation should permit them, so maybe this isn't necessary. Apologies since gmail will probably mangle the diff. --david --- usr.bin/newsyslog/newsyslog.c Thu Nov 20 15:11:02 2014 +++ usr.bin/newsyslog/newsyslog.c Thu Nov 20 15:12:39 2014 @@ -1186,7 +1186,7 @@ parse8601(char *s) } /* sanity check */ - if (tm.tm_year < 70 || tm.tm_mon < 0 || tm.tm_mon > 12 || + if (tm.tm_year < 70 || tm.tm_mon < 0 || tm.tm_mon > 11 || tm.tm_mday < 1 || tm.tm_mday > 31) return (-1); @@ -1213,7 +1213,7 @@ parse8601(char *s) } /* sanity check */ - if (tm.tm_sec < 0 || tm.tm_sec > 60 || tm.tm_min < 0 || + if (tm.tm_sec < 0 || tm.tm_sec > 61 || tm.tm_min < 0 || tm.tm_min > 59 || tm.tm_hour < 0 || tm.tm_hour > 23) return (-1); }