Permalink
Browse files

Prevent out of bound array read in date_dos2unix()

The function date_dos2unix() is called during fsck while showing
information about duplicate file names. In case the date field of a
directory entry contains the invalid value 0 for the month,
date_dos2unix would read index -1 of the day_n array.

Add a check to prevent that and also make the day_n array const on this
occasion.

Reported-by: Hanno Böck
Signed-off-by: Andreas Bombe <aeb@debian.org>
  • Loading branch information...
andreasbombe committed Sep 8, 2015
1 parent 3b95786 commit 2aad1c83c7d010de36afbe79c9fde22c50aa2f74
Showing with 7 additions and 3 deletions.
  1. +7 −3 src/check.c
@@ -224,9 +224,9 @@ static char *path_name(DOS_FILE * file)
return path;
}
static int day_n[] =
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
/* JanFebMarApr May Jun Jul Aug Sep Oct Nov Dec */
static const int day_n[] =
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
/* Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec */
/* Convert a MS-DOS time/date pair to a UNIX date (seconds since 1 1 70). */
@@ -236,6 +236,10 @@ static time_t date_dos2unix(unsigned short time, unsigned short date)
time_t secs;
month = ((date >> 5) & 15) - 1;
if (month < 0) {
/* make sure that nothing bad happens if the month bits were zero */
month = 0;
}
year = date >> 9;
secs =
(time & 31) * 2 + 60 * ((time >> 5) & 63) + (time >> 11) * 3600 +

0 comments on commit 2aad1c8

Please sign in to comment.