| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250217162153.838113-2-ant.v.moryakov@gmail.com>
Date: Mon, 17 Feb 2025 19:21:51 +0300
From: Anton Moryakov <ant.v.moryakov@...il.com>
To: netdev@...r.kernel.org
Cc: Anton Moryakov <ant.v.moryakov@...il.com>
Subject: [PATCH iproute2-next] ip: handle NULL return from localtime in strxf_time in
Static analyzer reported:
Pointer 'tp', returned from function 'localtime' at ipxfrm.c:352, may be NULL
and is dereferenced at ipxfrm.c:354 by calling function 'strftime'.
Corrections explained:
The function localtime() may return NULL if the provided time value is
invalid. This commit adds a check for NULL and handles the error case
by copying "invalid-time" into the output buffer.
Unlikely, but may return an error
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com>
---
ip/ipxfrm.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index 90d25aac..9bfd96ab 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -351,7 +351,12 @@ static const char *strxf_time(__u64 time)
t = (long)time;
tp = localtime(&t);
- strftime(str, sizeof(str), "%Y-%m-%d %T", tp);
+ if (!tp) {
+ /* Handle error case */
+ strcpy(str, "invalid-time");
+ } else {
+ strftime(str, sizeof(str), "%Y-%m-%d %T", tp);
+ }
}
return str;
--
2.30.2
Powered by blists - more mailing lists