Prevent out of bound array read in date_dos2unix()

The function date_dos2unix() is called during fsck while showing information about duplicate file names. In case the date field of a directory entry contains the invalid value 0 for the month, date_dos2unix would read index -1 of the day_n array. Add a check to prevent that and also make the day_n array const on this occasion. Reported-by: Hanno Böck Signed-off-by: Andreas Bombe <aeb@debian.org>
dosfstools · Sep 8, 2015 · 2aad1c8 · 2aad1c8
1 parent 3b95786
commit 2aad1c8
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/src/check.c b/src/check.c
@@ -224,9 +224,9 @@ static char *path_name(DOS_FILE * file)
     return path;
 }
 
-static int day_n[] =
-    { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
-		  /* JanFebMarApr May Jun Jul Aug Sep Oct Nov Dec */
+static const int day_n[] =
+    {   0,  31,  59,  90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
+/*    Jan  Feb  Mar  Apr  May  Jun  Jul  Aug  Sep  Oct  Nov  Dec              */
 
 /* Convert a MS-DOS time/date pair to a UNIX date (seconds since 1 1 70). */
 
@@ -236,6 +236,10 @@ static time_t date_dos2unix(unsigned short time, unsigned short date)
     time_t secs;
 
     month = ((date >> 5) & 15) - 1;
+    if (month < 0) {
+	/* make sure that nothing bad happens if the month bits were zero */
+	month = 0;
+    }
     year = date >> 9;
     secs =
 	(time & 31) * 2 + 60 * ((time >> 5) & 63) + (time >> 11) * 3600 +