From 9102c625a673a3246d7e73d8737f3494446bad4e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 7 Jul 2022 18:27:02 +0900 Subject: [PATCH] time-util: fix buffer-over-run Fixes #23928. CVE: CVE-2022-3821 Upstream-Status: Backport [https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e.patch] Signed-off-by: Ranjitsinh Rathod Comment: Both the hunks refreshed to backport --- src/basic/time-util.c | 2 +- src/test/test-time-util.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/basic/time-util.c b/src/basic/time-util.c index abbc4ad5cd70..26d59de12348 100644 --- a/src/basic/time-util.c +++ b/src/basic/time-util.c @@ -514,7 +514,7 @@ char *format_timespan(char *buf, size_t t = b; } - n = MIN((size_t) k, l); + n = MIN((size_t) k, l-1); l -= n; p += n; diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c index e8e4e2a67bb1..58c5fa9be40c 100644 --- a/src/test/test-time-util.c +++ b/src/test/test-time-util.c @@ -501,6 +501,12 @@ int main(int argc, char *argv[]) { test_format_timespan(1); test_format_timespan(USEC_PER_MSEC); test_format_timespan(USEC_PER_SEC); + + /* See issue #23928. */ + _cleanup_free_ char *buf; + assert_se(buf = new(char, 5)); + assert_se(buf == format_timespan(buf, 5, 100005, 1000)); + test_timezone_is_valid(); test_get_timezones(); test_usec_add();