CVS commit: src/lib/libutil

Mon, 19 Oct 2020 10:47:59 -0700 

Module Name:    src
Committed By:   kre
Date:           Mon Oct 19 17:47:45 UTC 2020

Modified Files:
        src/lib/libutil: parsedate.y

Log Message:
Check the year field of a tentative ISO-8601 date format for overflow
before committing to it being an 8601 format date, rather than after
(or the fall back grammar parser doesn't start with a clean slate).

This isn't likely to ever bother anyone, the chances of encountering
something that looks just like an 8601 format date, but with a year
field so large it overflows a long are kind of slim.   If it did happen
the chances that the string could be correctly parsed (into something
different) by the grammar are even slimmer. But better to do it properly.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/lib/libutil/parsedate.y

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/lib/libutil/parsedate.y
diff -u src/lib/libutil/parsedate.y:1.34 src/lib/libutil/parsedate.y:1.35
--- src/lib/libutil/parsedate.y:1.34	Mon Oct 19 15:08:17 2020
+++ src/lib/libutil/parsedate.y	Mon Oct 19 17:47:45 2020
@@ -14,7 +14,7 @@
 
 #include <sys/cdefs.h>
 #ifdef __RCSID
-__RCSID("$NetBSD: parsedate.y,v 1.34 2020/10/19 15:08:17 kre Exp $");
+__RCSID("$NetBSD: parsedate.y,v 1.35 2020/10/19 17:47:45 kre Exp $");
 #endif
 
 #include <stdio.h>
@@ -1081,6 +1081,7 @@ parsedate(const char *p, const time_t *n
 	const unsigned char *pp = (const unsigned char *)p;
 	char *ep;	/* starts as "expected, becomes "end ptr" */
 	static char format[] = "-dd-ddTdd:dd:dd";
+	time_t yr;
 
 	while (isdigit(*pp))
 		pp++;
@@ -1121,6 +1122,11 @@ parsedate(const char *p, const time_t *n
 	if (*pp != '\0' && !isspace(*pp))
 		break;
 
+	errno = 0;
+	yr = (time_t)strtol(p, &ep, 10);
+	if (errno != 0)			/* out of range (can be big number) */
+		break;			/* the ones below are all 2 digits */
+
 	/*
 	 * This is good enough to commit to there being an ISO format
 	 * timestamp leading the input string.   We permit standard
@@ -1135,10 +1141,7 @@ parsedate(const char *p, const time_t *n
 		param.yyHaveZone = 1;
 	}
 
-	errno = 0;
-	param.yyYear = (time_t)strtol(p, &ep, 10);
-	if (errno != 0)			/* out of range (can be big number) */
-		break;			/* the ones below are all 2 digits */
+	param.yyYear = yr;
 	param.yyMonth = (time_t)strtol(ep + 1, &ep, 10);
 	param.yyDay = (time_t)strtol(ep + 1, &ep, 10);
 	param.yyHour = (time_t)strtol(ep + 1, &ep, 10);

Reply via email to