Opened 6 years ago
Last modified 4 years ago
#3447 new defect
Address potential integer overflow in time calculations
Reported by: | stephen | Owned by: | |
---|---|---|---|
Priority: | low | Milestone: | Outstanding Tasks |
Component: | libutil | Version: | git |
Keywords: | | Cc: | |
CVSS Scoring: | | Parent Tickets: | |
Sensitive: | no | Defect Severity: | N/A |
Sub-Project: | DHCP | Feature Depending on Ticket: | |
Estimated Difficulty: | 0 | Add Hours to Ticket: | 0 |
Total Hours: | 0 | Internal?: | no |
Description
Coverity has reported two issues (CID 1202661 and 1202662) in src/lib/util/time_utilities.cc:
```cpp
uint64_t
timeFromText64(const string& time_txt) {
    // Confirm the source only consists digits.  sscanf() allows some
    // minor exceptions.
    for (string::size_type i = 0; i < time_txt.length(); ++i) {
        if (!isdigit(time_txt.at(i))) {
            isc_throw(InvalidTime, "Couldn't convert non-numeric time value: "
                      << time_txt);
        }
    }

    int year, month, day, hour, minute, second;
    if (time_txt.length() != DATE_LEN ||
        sscanf(time_txt.c_str(), "%4d%2d%2d%2d%2d%2d",
               &year, &month, &day, &hour, &minute, &second) != 6)
    {
        isc_throw(InvalidTime, "Couldn't convert time value: " << time_txt);
    }

    checkRange(1970, 9999, year, "year");
    checkRange(1, 12, month, "month");
    checkRange(1, days[month - 1] + ((month == 2 && isLeap(year)) ? 1 : 0),
               day, "day");
    checkRange(0, 23, hour, "hour");
    checkRange(0, 59, minute, "minute");
    checkRange(0, 60, second, "second"); // 60 == leap second.
```

CID 1202661: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)

CID 1202662 (#1 of 1): Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)

overflow_before_widen: Potentially overflowing expression 3600 * hour with type int (32 bits, signed) is evaluated using 32-bit arithmetic before being used in a context which expects an expression of type uint64_t (64 bits, unsigned). To avoid overflow, cast either operand to uint64_t before performing the multiplication.

```cpp
    uint64_t timeval = second + (60 * minute) + (3600 * hour) +
        ((day - 1) * 86400);
```
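The widening that Coverity asks for, as an added example that is not Kea code and not part of the original ticket: it goes beyond the two flagged products to a whole epoch conversion, because that is where a 32-bit intermediate genuinely overflows. All function names are hypothetical, and the inputs are assumed to have passed range checks like the `checkRange()` calls above, under which `3600 * hour` and `(day - 1) * 86400` themselves still fit in 32 bits.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>

// Added example; every name here is hypothetical, not taken from Kea.

// True if a * b would not fit in 32-bit signed arithmetic. The product is
// formed in 64 bits, so the check itself never overflows.
bool mulOverflowsInt32(int32_t a, int32_t b) {
    const int64_t wide = static_cast<int64_t>(a) * b;
    return wide > std::numeric_limits<int32_t>::max() ||
           wide < std::numeric_limits<int32_t>::min();
}

bool isLeapYear(int y) {
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

// Days from 1970-01-01 to the given date. Assumes the fields were already
// range-checked (year 1970..9999, valid month and day).
uint64_t daysSinceEpoch(int year, int month, int day) {
    static const int kDays[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    uint64_t n = 0;
    for (int y = 1970; y < year; ++y) n += isLeapYear(y) ? 366 : 365;
    for (int m = 1; m < month; ++m)
        n += kDays[m - 1] + ((m == 2 && isLeapYear(year)) ? 1 : 0);
    return n + static_cast<uint64_t>(day - 1);
}

// Each operand is widened to uint64_t before it is multiplied, so no
// product is ever evaluated in 32-bit int arithmetic.
uint64_t secondsSinceEpoch(int year, int month, int day,
                           int hour, int minute, int second) {
    return static_cast<uint64_t>(second) +
           UINT64_C(60) * static_cast<uint64_t>(minute) +
           UINT64_C(3600) * static_cast<uint64_t>(hour) +
           UINT64_C(86400) * daysSinceEpoch(year, month, day);
}

int main() {
    // Largest values the range checks admit for the two flagged products.
    std::cout << mulOverflowsInt32(3600, 23) << ' '
              << mulOverflowsInt32(86400, 30) << '\n';
    // Day counts either side of the point where days * 86400 leaves int32.
    std::cout << mulOverflowsInt32(86400, 24855) << ' '
              << mulOverflowsInt32(86400, 24856) << '\n';
    std::cout << secondsSinceEpoch(9999, 12, 31, 23, 59, 59) << '\n';
    return 0;
}
```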
Subtickets
Change History (4)
comment:1 Changed 6 years ago by tomek
- Milestone changed from Kea-proposed to Kea1.0
comment:2 Changed 5 years ago by stephen
- Component changed from Unclassified to libutil
- Version set to git
comment:3 Changed 4 years ago by stephen
- Milestone changed from Kea1.0 to DHCP Outstanding Tasks
comment:4 Changed 4 years ago by tomek
- Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks
Milestone renamed
Per Kea planning meeting in October, move out of 1.0.