1*4882a593SmuzhiyunFrom 8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Laszlo Varady <laszlo.varady@protonmail.com> 3*4882a593SmuzhiyunDate: Sat, 20 Aug 2022 14:30:22 +0200 4*4882a593SmuzhiyunSubject: [PATCH 7/8] timeutils: fix invalid calculation of ISO timestamp length 5*4882a593SmuzhiyunMIME-Version: 1.0 6*4882a593SmuzhiyunContent-Type: text/plain; charset=UTF-8 7*4882a593SmuzhiyunContent-Transfer-Encoding: 8bit 8*4882a593Smuzhiyun 9*4882a593SmuzhiyunCVE: CVE-2022-38725 10*4882a593Smuzhiyun 11*4882a593SmuzhiyunUpstream-Status: Backport 12*4882a593Smuzhiyun[https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396] 13*4882a593Smuzhiyun 14*4882a593SmuzhiyunSigned-off-by: László Várady <laszlo.varady@protonmail.com> 15*4882a593Smuzhiyun 16*4882a593SmuzhiyunSigned-off-by: Yogita Urade <yogita.urade@windriver.com> 17*4882a593Smuzhiyun--- 18*4882a593Smuzhiyun lib/timeutils/scan-timestamp.c | 8 ++++++-- 19*4882a593Smuzhiyun lib/timeutils/tests/test_scan-timestamp.c | 7 +++++++ 20*4882a593Smuzhiyun 2 files changed, 13 insertions(+), 2 deletions(-) 21*4882a593Smuzhiyun 22*4882a593Smuzhiyundiff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c 23*4882a593Smuzhiyunindex d22d50973..125264677 100644 24*4882a593Smuzhiyun--- a/lib/timeutils/scan-timestamp.c 25*4882a593Smuzhiyun+++ b/lib/timeutils/scan-timestamp.c 26*4882a593Smuzhiyun@@ -350,19 +350,21 @@ __parse_usec(const guchar **data, gint *length) 27*4882a593Smuzhiyun static gboolean 28*4882a593Smuzhiyun __has_iso_timezone(const guchar *src, gint length) 29*4882a593Smuzhiyun { 30*4882a593Smuzhiyun- return (length >= 5) && 31*4882a593Smuzhiyun+ return (length >= 6) && 32*4882a593Smuzhiyun (*src == '+' || *src == '-') && 33*4882a593Smuzhiyun isdigit(*(src+1)) && 34*4882a593Smuzhiyun isdigit(*(src+2)) && 35*4882a593Smuzhiyun *(src+3) == ':' && 36*4882a593Smuzhiyun isdigit(*(src+4)) && 37*4882a593Smuzhiyun isdigit(*(src+5)) && 38*4882a593Smuzhiyun- !isdigit(*(src+6)); 39*4882a593Smuzhiyun+ (length < 7 || !isdigit(*(src+6))); 40*4882a593Smuzhiyun } 41*4882a593Smuzhiyun 42*4882a593Smuzhiyun static guint32 43*4882a593Smuzhiyun __parse_iso_timezone(const guchar **data, gint *length) 44*4882a593Smuzhiyun { 45*4882a593Smuzhiyun+ g_assert(*length >= 6); 46*4882a593Smuzhiyun+ 47*4882a593Smuzhiyun gint hours, mins; 48*4882a593Smuzhiyun const guchar *src = *data; 49*4882a593Smuzhiyun guint32 tz = 0; 50*4882a593Smuzhiyun@@ -372,8 +374,10 @@ __parse_iso_timezone(const guchar **data, gint *length) 51*4882a593Smuzhiyun hours = (*(src + 1) - '0') * 10 + *(src + 2) - '0'; 52*4882a593Smuzhiyun mins = (*(src + 4) - '0') * 10 + *(src + 5) - '0'; 53*4882a593Smuzhiyun tz = sign * (hours * 3600 + mins * 60); 54*4882a593Smuzhiyun+ 55*4882a593Smuzhiyun src += 6; 56*4882a593Smuzhiyun (*length) -= 6; 57*4882a593Smuzhiyun+ 58*4882a593Smuzhiyun *data = src; 59*4882a593Smuzhiyun return tz; 60*4882a593Smuzhiyun } 61*4882a593Smuzhiyundiff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c 62*4882a593Smuzhiyunindex 468bbf779..d18bdc65d 100644 63*4882a593Smuzhiyun--- a/lib/timeutils/tests/test_scan-timestamp.c 64*4882a593Smuzhiyun+++ b/lib/timeutils/tests/test_scan-timestamp.c 65*4882a593Smuzhiyun@@ -264,6 +264,13 @@ Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly) 66*4882a593Smuzhiyun 67*4882a593Smuzhiyun } 68*4882a593Smuzhiyun 69*4882a593Smuzhiyun+Test(parse_timestamp, non_zero_terminated_rfc5424_timestamp_only) 70*4882a593Smuzhiyun+{ 71*4882a593Smuzhiyun+ const gchar *ts = "2022-08-17T05:02:28.417+03:00"; 72*4882a593Smuzhiyun+ gint ts_len = strlen(ts); 73*4882a593Smuzhiyun+ _expect_rfc5424_timestamp_len_eq(ts, ts_len, ts); 74*4882a593Smuzhiyun+} 75*4882a593Smuzhiyun+ 76*4882a593Smuzhiyun 77*4882a593Smuzhiyun Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones) 78*4882a593Smuzhiyun { 79*4882a593Smuzhiyun-- 80*4882a593Smuzhiyun2.34.1 81*4882a593Smuzhiyun 82