From 4951d61a5d544ac07d194194f789d6bdf6f7c835 Mon Sep 17 00:00:00 2001 From: infirit Date: Wed, 19 Nov 2014 16:40:15 +0100 Subject: Prevent a NULL pointer deref in mktime_from_string(). It's possible to call mktime_from_string() with NULL arguments for day, month and year. This would in turn lead to calling atoi(NULL), which leads to a crash. So instead fill in any NULL values with the corresponding unit from Jan 1st 1970. Based on FR commit: 2899c092f249a4fa822a896baf128b6c8c75b634 From: Jasper Lievisse Adriaanse --- src/fr-command-rpm.c | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) (limited to 'src/fr-command-rpm.c') diff --git a/src/fr-command-rpm.c b/src/fr-command-rpm.c index 6ac4aea..05dff90 100644 --- a/src/fr-command-rpm.c +++ b/src/fr-command-rpm.c @@ -62,23 +62,32 @@ mktime_from_string (char *month, tm.tm_mon = i; break; } - } - tm.tm_mday = atoi (mday); - if (strchr (year, ':') != NULL) { - char **fields = g_strsplit (year, ":", 2); - if (n_fields (fields) == 2) { - time_t now; - struct tm *now_tm; - - tm.tm_hour = atoi (fields[0]); - tm.tm_min = atoi (fields[1]); - - now = time(NULL); - now_tm = localtime (&now); - tm.tm_year = now_tm->tm_year; - } } else - tm.tm_year = atoi (year) - 1900; + tm.tm_mon = 0; + + if (mday != NULL) + tm.tm_mday = atoi (mday); + else + tm.tm_mday = 1; + + if (year != NULL) { + if (strchr (year, ':') != NULL) { + char **fields = g_strsplit (year, ":", 2); + if (n_fields (fields) == 2) { + time_t now; + struct tm *now_tm; + + tm.tm_hour = atoi (fields[0]); + tm.tm_min = atoi (fields[1]); + + now = time(NULL); + now_tm = localtime (&now); + tm.tm_year = now_tm->tm_year; + } + } else + tm.tm_year = atoi (year) - 1900; + } else + tm.tm_year = 70; return mktime (&tm); } -- cgit v1.2.1