1*4882a593SmuzhiyunFrom 09f489c89c826293ff8cbd282cfc866ab56054c4 Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Laszlo Varady <laszlo.varady@protonmail.com> 3*4882a593SmuzhiyunDate: Sat, 20 Aug 2022 14:29:43 +0200 4*4882a593SmuzhiyunSubject: [PATCH 6/8] timeutils: name repeating constant 5*4882a593SmuzhiyunMIME-Version: 1.0 6*4882a593SmuzhiyunContent-Type: text/plain; charset=UTF-8 7*4882a593SmuzhiyunContent-Transfer-Encoding: 8bit 8*4882a593Smuzhiyun 9*4882a593SmuzhiyunCVE: CVE-2022-38725 10*4882a593Smuzhiyun 11*4882a593SmuzhiyunUpstream-Status: Backport 12*4882a593Smuzhiyun[https://github.com/syslog-ng/syslog-ng/commit/09f489c89c826293ff8cbd282cfc866ab56054c4] 13*4882a593Smuzhiyun 14*4882a593SmuzhiyunSigned-off-by: László Várady <laszlo.varady@protonmail.com> 15*4882a593Smuzhiyun 16*4882a593SmuzhiyunSigned-off-by: Yogita Urade <yogita.urade@windriver.com> 17*4882a593Smuzhiyun--- 18*4882a593Smuzhiyun lib/timeutils/scan-timestamp.c | 54 ++++++++++++++++++---------------- 19*4882a593Smuzhiyun 1 file changed, 29 insertions(+), 25 deletions(-) 20*4882a593Smuzhiyun 21*4882a593Smuzhiyundiff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c 22*4882a593Smuzhiyunindex 4fbe94a36..d22d50973 100644 23*4882a593Smuzhiyun--- a/lib/timeutils/scan-timestamp.c 24*4882a593Smuzhiyun+++ b/lib/timeutils/scan-timestamp.c 25*4882a593Smuzhiyun@@ -34,41 +34,43 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday) 26*4882a593Smuzhiyun { 27*4882a593Smuzhiyun *wday = -1; 28*4882a593Smuzhiyun 29*4882a593Smuzhiyun- if (*left < 3) 30*4882a593Smuzhiyun+ const gsize abbrev_length = 3; 31*4882a593Smuzhiyun+ 32*4882a593Smuzhiyun+ if (*left < abbrev_length) 33*4882a593Smuzhiyun return FALSE; 34*4882a593Smuzhiyun 35*4882a593Smuzhiyun switch (**buf) 36*4882a593Smuzhiyun { 37*4882a593Smuzhiyun case 'S': 38*4882a593Smuzhiyun- if (strncasecmp(*buf, "Sun", 3) == 0) 39*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Sun", abbrev_length) == 0) 40*4882a593Smuzhiyun *wday = 0; 41*4882a593Smuzhiyun- else if (strncasecmp(*buf, "Sat", 3) == 0) 42*4882a593Smuzhiyun+ else if (strncasecmp(*buf, "Sat", abbrev_length) == 0) 43*4882a593Smuzhiyun *wday = 6; 44*4882a593Smuzhiyun else 45*4882a593Smuzhiyun return FALSE; 46*4882a593Smuzhiyun break; 47*4882a593Smuzhiyun case 'M': 48*4882a593Smuzhiyun- if (strncasecmp(*buf, "Mon", 3) == 0) 49*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Mon", abbrev_length) == 0) 50*4882a593Smuzhiyun *wday = 1; 51*4882a593Smuzhiyun else 52*4882a593Smuzhiyun return FALSE; 53*4882a593Smuzhiyun break; 54*4882a593Smuzhiyun case 'T': 55*4882a593Smuzhiyun- if (strncasecmp(*buf, "Tue", 3) == 0) 56*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Tue", abbrev_length) == 0) 57*4882a593Smuzhiyun *wday = 2; 58*4882a593Smuzhiyun- else if (strncasecmp(*buf, "Thu", 3) == 0) 59*4882a593Smuzhiyun+ else if (strncasecmp(*buf, "Thu", abbrev_length) == 0) 60*4882a593Smuzhiyun *wday = 4; 61*4882a593Smuzhiyun else 62*4882a593Smuzhiyun return FALSE; 63*4882a593Smuzhiyun break; 64*4882a593Smuzhiyun case 'W': 65*4882a593Smuzhiyun- if (strncasecmp(*buf, "Wed", 3) == 0) 66*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Wed", abbrev_length) == 0) 67*4882a593Smuzhiyun *wday = 3; 68*4882a593Smuzhiyun else 69*4882a593Smuzhiyun return FALSE; 70*4882a593Smuzhiyun break; 71*4882a593Smuzhiyun case 'F': 72*4882a593Smuzhiyun- if (strncasecmp(*buf, "Fri", 3) == 0) 73*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Fri", abbrev_length) == 0) 74*4882a593Smuzhiyun *wday = 5; 75*4882a593Smuzhiyun else 76*4882a593Smuzhiyun return FALSE; 77*4882a593Smuzhiyun@@ -77,8 +79,8 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday) 78*4882a593Smuzhiyun return FALSE; 79*4882a593Smuzhiyun } 80*4882a593Smuzhiyun 81*4882a593Smuzhiyun- (*buf) += 3; 82*4882a593Smuzhiyun- (*left) -= 3; 83*4882a593Smuzhiyun+ (*buf) += abbrev_length; 84*4882a593Smuzhiyun+ (*left) -= abbrev_length; 85*4882a593Smuzhiyun return TRUE; 86*4882a593Smuzhiyun } 87*4882a593Smuzhiyun 88*4882a593Smuzhiyun@@ -87,63 +89,65 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon) 89*4882a593Smuzhiyun { 90*4882a593Smuzhiyun *mon = -1; 91*4882a593Smuzhiyun 92*4882a593Smuzhiyun- if (*left < 3) 93*4882a593Smuzhiyun+ const gsize abbrev_length = 3; 94*4882a593Smuzhiyun+ 95*4882a593Smuzhiyun+ if (*left < abbrev_length) 96*4882a593Smuzhiyun return FALSE; 97*4882a593Smuzhiyun 98*4882a593Smuzhiyun switch (**buf) 99*4882a593Smuzhiyun { 100*4882a593Smuzhiyun case 'J': 101*4882a593Smuzhiyun- if (strncasecmp(*buf, "Jan", 3) == 0) 102*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Jan", abbrev_length) == 0) 103*4882a593Smuzhiyun *mon = 0; 104*4882a593Smuzhiyun- else if (strncasecmp(*buf, "Jun", 3) == 0) 105*4882a593Smuzhiyun+ else if (strncasecmp(*buf, "Jun", abbrev_length) == 0) 106*4882a593Smuzhiyun *mon = 5; 107*4882a593Smuzhiyun- else if (strncasecmp(*buf, "Jul", 3) == 0) 108*4882a593Smuzhiyun+ else if (strncasecmp(*buf, "Jul", abbrev_length) == 0) 109*4882a593Smuzhiyun *mon = 6; 110*4882a593Smuzhiyun else 111*4882a593Smuzhiyun return FALSE; 112*4882a593Smuzhiyun break; 113*4882a593Smuzhiyun case 'F': 114*4882a593Smuzhiyun- if (strncasecmp(*buf, "Feb", 3) == 0) 115*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Feb", abbrev_length) == 0) 116*4882a593Smuzhiyun *mon = 1; 117*4882a593Smuzhiyun else 118*4882a593Smuzhiyun return FALSE; 119*4882a593Smuzhiyun break; 120*4882a593Smuzhiyun case 'M': 121*4882a593Smuzhiyun- if (strncasecmp(*buf, "Mar", 3) == 0) 122*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Mar", abbrev_length) == 0) 123*4882a593Smuzhiyun *mon = 2; 124*4882a593Smuzhiyun- else if (strncasecmp(*buf, "May", 3) == 0) 125*4882a593Smuzhiyun+ else if (strncasecmp(*buf, "May", abbrev_length) == 0) 126*4882a593Smuzhiyun *mon = 4; 127*4882a593Smuzhiyun else 128*4882a593Smuzhiyun return FALSE; 129*4882a593Smuzhiyun break; 130*4882a593Smuzhiyun case 'A': 131*4882a593Smuzhiyun- if (strncasecmp(*buf, "Apr", 3) == 0) 132*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Apr", abbrev_length) == 0) 133*4882a593Smuzhiyun *mon = 3; 134*4882a593Smuzhiyun- else if (strncasecmp(*buf, "Aug", 3) == 0) 135*4882a593Smuzhiyun+ else if (strncasecmp(*buf, "Aug", abbrev_length) == 0) 136*4882a593Smuzhiyun *mon = 7; 137*4882a593Smuzhiyun else 138*4882a593Smuzhiyun return FALSE; 139*4882a593Smuzhiyun break; 140*4882a593Smuzhiyun case 'S': 141*4882a593Smuzhiyun- if (strncasecmp(*buf, "Sep", 3) == 0) 142*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Sep", abbrev_length) == 0) 143*4882a593Smuzhiyun *mon = 8; 144*4882a593Smuzhiyun else 145*4882a593Smuzhiyun return FALSE; 146*4882a593Smuzhiyun break; 147*4882a593Smuzhiyun case 'O': 148*4882a593Smuzhiyun- if (strncasecmp(*buf, "Oct", 3) == 0) 149*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Oct", abbrev_length) == 0) 150*4882a593Smuzhiyun *mon = 9; 151*4882a593Smuzhiyun else 152*4882a593Smuzhiyun return FALSE; 153*4882a593Smuzhiyun break; 154*4882a593Smuzhiyun case 'N': 155*4882a593Smuzhiyun- if (strncasecmp(*buf, "Nov", 3) == 0) 156*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Nov", abbrev_length) == 0) 157*4882a593Smuzhiyun *mon = 10; 158*4882a593Smuzhiyun else 159*4882a593Smuzhiyun return FALSE; 160*4882a593Smuzhiyun break; 161*4882a593Smuzhiyun case 'D': 162*4882a593Smuzhiyun- if (strncasecmp(*buf, "Dec", 3) == 0) 163*4882a593Smuzhiyun+ if (strncasecmp(*buf, "Dec", abbrev_length) == 0) 164*4882a593Smuzhiyun *mon = 11; 165*4882a593Smuzhiyun else 166*4882a593Smuzhiyun return FALSE; 167*4882a593Smuzhiyun@@ -152,8 +156,8 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon) 168*4882a593Smuzhiyun return FALSE; 169*4882a593Smuzhiyun } 170*4882a593Smuzhiyun 171*4882a593Smuzhiyun- (*buf) += 3; 172*4882a593Smuzhiyun- (*left) -= 3; 173*4882a593Smuzhiyun+ (*buf) += abbrev_length; 174*4882a593Smuzhiyun+ (*left) -= abbrev_length; 175*4882a593Smuzhiyun return TRUE; 176*4882a593Smuzhiyun } 177*4882a593Smuzhiyun 178*4882a593Smuzhiyun-- 179*4882a593Smuzhiyun2.34.1 180*4882a593Smuzhiyun 181