isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check strftime(3) return value in all cases.

Browse Source 
Old versions of strftime(3) didn't guarantee to NUL-terminate the buffer
so we explicitly clear the last byte of the buffer and check it.
This commit is contained in:
Todd C. Miller
2021-09-17 14:01:28 -06:00
parent 698481492c
commit 55171df5e5
10 changed files with 105 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/sudoers/parse.c
View File

@@ -621,18 +621,22 @@ display_priv_long(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
sudo_lbuf_append(lbuf, " Timeout: %s\n", numbuf);
}
if (cs->notbefore != UNSPEC) {
char buf[sizeof("CCYYMMDDHHMMSSZ")];
char buf[sizeof("CCYYMMDDHHMMSSZ")] = "";
struct tm gmt;
int len;
if (gmtime_r(&cs->notbefore, &gmt) != NULL) {
if (strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", &gmt) != 0)
len = strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", &gmt);
if (len != 0 && buf[sizeof(buf) - 1] == '\0')
sudo_lbuf_append(lbuf, " NotBefore: %s\n", buf);
}
}
if (cs->notafter != UNSPEC) {
char buf[sizeof("CCYYMMDDHHMMSSZ")];
char buf[sizeof("CCYYMMDDHHMMSSZ")] = "";
struct tm gmt;
int len;
if (gmtime_r(&cs->notafter, &gmt) != NULL) {
if (strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", &gmt) != 0)
len = strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", &gmt);
if (len != 0 && buf[sizeof(buf) - 1] == '\0')
sudo_lbuf_append(lbuf, " NotAfter: %s\n", buf);
}
}