Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Prevent out of bound array read in date_dos2unix()
The function date_dos2unix() is called during fsck while showing
information about duplicate file names. In case the date field of a
directory entry contains the invalid value 0 for the month,
date_dos2unix would read index -1 of the day_n array.

Add a check to prevent that and also make the day_n array const on this
occasion.

Reported-by: Hanno Böck
Signed-off-by: Andreas Bombe <aeb@debian.org>
  • Loading branch information
andreasbombe committed Sep 8, 2015
1 parent 3b95786 commit 2aad1c8
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions src/check.c
Expand Up @@ -224,9 +224,9 @@ static char *path_name(DOS_FILE * file)
return path;
}

static int day_n[] =
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
/* JanFebMarApr May Jun Jul Aug Sep Oct Nov Dec */
static const int day_n[] =
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
/* Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec */

/* Convert a MS-DOS time/date pair to a UNIX date (seconds since 1 1 70). */

Expand All @@ -236,6 +236,10 @@ static time_t date_dos2unix(unsigned short time, unsigned short date)
time_t secs;

month = ((date >> 5) & 15) - 1;
if (month < 0) {
/* make sure that nothing bad happens if the month bits were zero */
month = 0;
}
year = date >> 9;
secs =
(time & 31) * 2 + 60 * ((time >> 5) & 63) + (time >> 11) * 3600 +
Expand Down

0 comments on commit 2aad1c8

Please sign in to comment.