From c50e17082d12c2ee8735024567cbbf0ad07acb1f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 14 Jun 2016 11:34:10 +0200 Subject: [PATCH] guard for localtime() and gmtime() failure --- shadow-4.2.1-null-tm.patch | 86 ++++++++++++++++++++++++++++++++++++++ shadow-utils.spec | 7 +++- 2 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 shadow-4.2.1-null-tm.patch diff --git a/shadow-4.2.1-null-tm.patch b/shadow-4.2.1-null-tm.patch new file mode 100644 index 0000000..15b7720 --- /dev/null +++ b/shadow-4.2.1-null-tm.patch @@ -0,0 +1,86 @@ +diff -up shadow-4.2.1/src/faillog.c.null-tm shadow-4.2.1/src/faillog.c +--- shadow-4.2.1/src/faillog.c.null-tm 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/src/faillog.c 2016-06-14 11:30:00.066890251 +0200 +@@ -163,10 +163,14 @@ static void print_one (/*@null@*/const s + } + + tm = localtime (&fl.fail_time); ++ if (tm == NULL) { ++ cp = "(unknown)"; ++ } else { + #ifdef HAVE_STRFTIME +- strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm); +- cp = ptime; ++ strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm); ++ cp = ptime; + #endif ++ } + printf ("%-9s %5d %5d ", + pw->pw_name, fl.fail_cnt, fl.fail_max); + /* FIXME: cp is not defined ifndef HAVE_STRFTIME */ +diff -up shadow-4.2.1/src/chage.c.null-tm shadow-4.2.1/src/chage.c +--- shadow-4.2.1/src/chage.c.null-tm 2016-05-27 16:04:00.000000000 +0200 ++++ shadow-4.2.1/src/chage.c 2016-06-14 11:18:25.299366908 +0200 +@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size + struct tm *tp; + + tp = gmtime (&date); ++ if (tp == NULL) { ++ (void) snprintf (buf, maxsize, "(unknown)"); ++ return; ++ } + #ifdef HAVE_STRFTIME + (void) strftime (buf, maxsize, "%Y-%m-%d", tp); + #else +diff -up shadow-4.2.1/src/lastlog.c.null-tm shadow-4.2.1/src/lastlog.c +--- shadow-4.2.1/src/lastlog.c.null-tm 2016-05-27 16:04:00.000000000 +0200 ++++ shadow-4.2.1/src/lastlog.c 2016-06-14 11:29:39.210423264 +0200 +@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s + + ll_time = ll.ll_time; + tm = localtime (&ll_time); ++ if (tm == NULL) { ++ cp = "(unknown)"; ++ } else { + #ifdef HAVE_STRFTIME +- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); +- cp = ptime; ++ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); ++ cp = ptime; + #else +- cp = asctime (tm); +- cp[24] = '\0'; ++ cp = asctime (tm); ++ cp[24] = '\0'; + #endif ++ } + + if (ll.ll_time == (time_t) 0) { + cp = _("**Never logged in**\0"); +diff -up shadow-4.2.1/src/passwd.c.null-tm shadow-4.2.1/src/passwd.c +--- shadow-4.2.1/src/passwd.c.null-tm 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/src/passwd.c 2016-06-14 11:23:21.028969028 +0200 +@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to + struct tm *tm; + + tm = gmtime (&t); ++ if (tm == NULL) { ++ return "(unknown)"; ++ } + #ifdef HAVE_STRFTIME + (void) strftime (buf, sizeof buf, "%m/%d/%Y", tm); + #else /* !HAVE_STRFTIME */ +diff -up shadow-4.2.1/src/usermod.c.null-tm shadow-4.2.1/src/usermod.c +--- shadow-4.2.1/src/usermod.c.null-tm 2016-05-27 16:04:00.000000000 +0200 ++++ shadow-4.2.1/src/usermod.c 2016-06-14 11:24:50.974977059 +0200 +@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@ + } else { + time_t t = (time_t) date; + tp = gmtime (&t); ++ if (tp == NULL) { ++ strncpy (buf, "unknown", maxsize); ++ return; ++ } + #ifdef HAVE_STRFTIME + strftime (buf, maxsize, "%Y-%m-%d", tp); + #else diff --git a/shadow-utils.spec b/shadow-utils.spec index 3444f5b..70f0b52 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.2.1 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz @@ -36,6 +36,7 @@ Patch25: shadow-4.2.1-defs-chroot.patch Patch26: shadow-4.2.1-lastlog-unexpire.patch Patch27: shadow-4.2.1-user-busy.patch Patch28: shadow-4.2.1-selinux-perms.patch +Patch29: shadow-4.2.1-null-tm.patch License: BSD and GPLv2+ Group: System Environment/Base @@ -92,6 +93,7 @@ are used for managing group accounts. %patch26 -p1 -b .unexpire %patch27 -p1 -b .user-busy %patch28 -p1 -b .selinux-perms +%patch29 -p1 -b .null-tm iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -257,6 +259,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Tue Jun 14 2016 Tomáš Mráz - 2:4.2.1-11 +- guard for localtime() and gmtime() failure + * Mon May 30 2016 Tomáš Mráz - 2:4.2.1-10 - chpasswd, chgpasswd: open audit when starting