Skip to content

Commit 2aad1c8

Browse files
committed
Prevent out of bound array read in date_dos2unix()
The function date_dos2unix() is called during fsck while showing information about duplicate file names. In case the date field of a directory entry contains the invalid value 0 for the month, date_dos2unix would read index -1 of the day_n array. Add a check to prevent that and also make the day_n array const on this occasion. Reported-by: Hanno Böck Signed-off-by: Andreas Bombe <aeb@debian.org>
1 parent 3b95786 commit 2aad1c8

File tree

1 file changed

+7
-3
lines changed

1 file changed

+7
-3
lines changed

src/check.c

+7-3
Original file line numberDiff line numberDiff line change
@@ -224,9 +224,9 @@ static char *path_name(DOS_FILE * file)
224224
return path;
225225
}
226226

227-
static int day_n[] =
228-
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
229-
/* JanFebMarApr May Jun Jul Aug Sep Oct Nov Dec */
227+
static const int day_n[] =
228+
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
229+
/* Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec */
230230

231231
/* Convert a MS-DOS time/date pair to a UNIX date (seconds since 1 1 70). */
232232

@@ -236,6 +236,10 @@ static time_t date_dos2unix(unsigned short time, unsigned short date)
236236
time_t secs;
237237

238238
month = ((date >> 5) & 15) - 1;
239+
if (month < 0) {
240+
/* make sure that nothing bad happens if the month bits were zero */
241+
month = 0;
242+
}
239243
year = date >> 9;
240244
secs =
241245
(time & 31) * 2 + 60 * ((time >> 5) & 63) + (time >> 11) * 3600 +

0 commit comments

Comments
 (0)