Prevent out of bound array read in date_dos2unix()

andreasbombe · andreasbombe · commit 2aad1c83c7d0 · 2015-09-08T04:19:06.000+02:00
The function date_dos2unix() is called during fsck while showing
information about duplicate file names. In case the date field of a
directory entry contains the invalid value 0 for the month,
date_dos2unix would read index -1 of the day_n array.

Add a check to prevent that and also make the day_n array const on this
occasion.

Reported-by: Hanno Böck
Signed-off-by: Andreas Bombe &lt;aeb@debian.org&gt;
diff --git a/src/check.c b/src/check.c
@@ -224,9 +224,9 @@ static char *path_name(DOS_FILE * file)
     return path;
 }
 
-static int day_n[] =
-    { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
-		  /* JanFebMarApr May Jun Jul Aug Sep Oct Nov Dec */
+static const int day_n[] =
+    {   0,  31,  59,  90, 120, 151, 181, 212, 243, 273, 304, 334, 0, 0, 0, 0 };
+/*    Jan  Feb  Mar  Apr  May  Jun  Jul  Aug  Sep  Oct  Nov  Dec              */
 
 /* Convert a MS-DOS time/date pair to a UNIX date (seconds since 1 1 70). */
 
@@ -236,6 +236,10 @@ static time_t date_dos2unix(unsigned short time, unsigned short date)
     time_t secs;
 
     month = ((date >> 5) & 15) - 1;
+    if (month < 0) {
+	/* make sure that nothing bad happens if the month bits were zero */
+	month = 0;
+    }
     year = date >> 9;
     secs =
 	(time & 31) * 2 + 60 * ((time >> 5) & 63) + (time >> 11) * 3600 +
