krb5 commit: Check more time function results

Greg Hudson ghudson at mit.edu
Wed Sep 5 17:12:16 EDT 2018 

https://github.com/krb5/krb5/commit/88ce983a3be9ef0d740ceafee1e82de06b8b987e
commit 88ce983a3be9ef0d740ceafee1e82de06b8b987e
Author: Greg Hudson <ghudson at mit.edu>
Date:   Sat Sep 1 17:30:33 2018 -0400

    Check more time function results
    
    In logger.c:klog_vsyslog(), check the return value of localtime().  In
    ldap_principal2.c:getstringtime(), check the strftime() result and
    don't leak strtime on error.

 src/lib/kadm5/logger.c                             |    6 +++++-
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |   12 +++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index eff8a8a..68fd82f 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -638,6 +638,7 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
     time_t      now;
 #ifdef  HAVE_STRFTIME
     size_t      soff;
+    struct tm  *tm;
 #else
     char       *r;
 #endif
@@ -657,7 +658,10 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
     /*
      * Format the date: mon dd hh:mm:ss
      */
-    soff = strftime(outbuf, sizeof(outbuf), "%b %d %H:%M:%S", localtime(&now));
+    tm = localtime(&now);
+    if (tm == NULL)
+        return(-1);
+    soff = strftime(outbuf, sizeof(outbuf), "%b %d %H:%M:%S", tm);
     if (soff > 0)
         cp += soff;
     else
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index b7c9212..4dac242 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -1748,13 +1748,15 @@ getstringtime(krb5_timestamp epochtime)
     char                *strtime=NULL;
     time_t              posixtime = ts2tt(epochtime);
 
-    strtime = calloc (50, 1);
-    if (strtime == NULL)
-        return NULL;
-
     if (gmtime_r(&posixtime, &tme) == NULL)
         return NULL;
 
-    strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme);
+    strtime = calloc(50, 1);
+    if (strtime == NULL)
+        return NULL;
+    if (strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme) == 0) {
+        free(strtime);
+        return NULL;
+    }
     return strtime;
 }

More information about the cvs-krb5 mailing list