Coverage Report

Created: 2025-07-18 07:00

/src/sudo/plugins/sudoers/gentime.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * SPDX-License-Identifier: ISC
3
 *
4
 * Copyright (c) 2017, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
5
 *
6
 * Permission to use, copy, modify, and distribute this software for any
7
 * purpose with or without fee is hereby granted, provided that the above
8
 * copyright notice and this permission notice appear in all copies.
9
 *
10
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
 */
18
19
/*
20
 * This is an open source non-commercial project. Dear PVS-Studio, please check it.
21
 * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
22
 */
23
24
#include <config.h>
25
26
#include <stdio.h>
27
#include <stdlib.h>
28
#ifdef HAVE_STDBOOL_H
29
# include <stdbool.h>
30
#else
31
# include <compat/stdbool.h>
32
#endif /* HAVE_STDBOOL_H */
33
#include <string.h>
34
#include <ctype.h>
35
#include <time.h>
36
37
#include <sudo_compat.h>
38
#include <sudoers_debug.h>
39
#include <parse.h>
40
41
/* Since timegm() is only used in one place we keep the macro local. */
42
#ifndef HAVE_TIMEGM
43
# define timegm(_t) sudo_timegm(_t)
44
#endif
45
46
/*
47
 * Parse a timestamp in Generalized Time format as per RFC4517.
48
 * E.g. yyyymmddHHMMSS.FZ or yyyymmddHHMMSS.F[+-]TZOFF
49
 * where minutes, seconds and fraction are optional.
50
 * Returns the time in Unix time format or -1 on error.
51
 */
52
time_t
53
parse_gentime(const char *timestr)
54
4.40k
{
55
4.40k
    char tcopy[sizeof("yyyymmddHHMMSS")];
56
4.40k
    const char *cp;
57
4.40k
    time_t result;
58
4.40k
    struct tm tm;
59
4.40k
    size_t len;
60
4.40k
    int items, tzoff = 0;
61
4.40k
    bool islocal = false;
62
4.40k
    debug_decl(parse_gentime, SUDOERS_DEBUG_PARSER);
63
64
    /* Make a copy of the non-fractional time without zone for easy parsing. */
65
4.40k
    len = strspn(timestr, "0123456789");
66
4.40k
    if (len >= sizeof(tcopy) || len < sizeof("yyyymmddHH") -1 || (len & 1)) {
67
1.36k
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
68
1.36k
      "unable to parse general time string %s", timestr);
69
1.36k
  debug_return_time_t(-1);
70
1.36k
    }
71
3.03k
    memcpy(tcopy, timestr, len);
72
3.03k
    tcopy[len] = '\0';
73
74
    /* Parse general time, ignoring the timezone for now. */
75
3.03k
    memset(&tm, 0, sizeof(tm));
76
3.03k
    items = sscanf(tcopy, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon,
77
3.03k
  &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
78
3.03k
    if (items == EOF || items < 4) {
79
0
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
80
0
      "only parsed %d items in general time string %s", items, timestr); 
81
0
  debug_return_time_t(-1);
82
0
    }
83
84
    /* Parse optional fractional hours/minute/second if present. */
85
3.03k
    cp = timestr + len;
86
3.03k
    if ((cp[0] == '.' || cp[0] == ',') && isdigit((unsigned char)cp[1])) {
87
851
  int frac = cp[1] - '0';
88
851
  switch (items) {
89
338
  case 4:
90
      /* convert fractional hour -> minutes */
91
338
      tm.tm_min += 60 / 10 * frac;
92
338
      break;
93
314
  case 5:
94
      /* convert fractional minute -> seconds */
95
314
      tm.tm_sec += 60 / 10 * frac;
96
314
      break;
97
199
  case 6:
98
      /* ignore fractional second */
99
199
      break;
100
851
  }
101
851
  cp += 2;  /* skip over radix and fraction */
102
851
    }
103
104
    /* Parse optional time zone. */
105
3.03k
    switch (*cp) {
106
581
    case '-':
107
1.21k
    case '+': {
108
1.21k
  int hour = 0, min = 0;
109
110
  /* No DST */
111
1.21k
  tm.tm_isdst = 0;
112
  /* time zone offset must be hh or hhmm */
113
1.21k
  len = strspn(cp + 1, "0123456789");
114
1.21k
  if (len != 2 && len != 4) {
115
305
      sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
116
305
    "unable to parse time zone offset in %s, bad tz offset",
117
305
    timestr);
118
305
      debug_return_time_t(-1);
119
305
  }
120
  /* parse time zone offset */
121
914
  items = sscanf(cp + 1, "%2d%2d", &hour, &min);
122
914
  if (items == EOF || items < 1) {
123
0
      sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
124
0
    "unable to parse time zone offset in %s, items %d",
125
0
    timestr, items);
126
0
      debug_return_time_t(-1);
127
0
  }
128
914
  if (*cp == '-')
129
385
      tzoff = -((hour * 60) + min) * 60;
130
529
  else
131
529
      tzoff = ((hour * 60) + min) * 60;
132
914
  cp += 1 + (items * 2);
133
914
  break;
134
914
    }
135
536
    case 'Z':
136
  /* GMT/UTC, no DST */
137
536
  tm.tm_isdst = 0;
138
536
  cp++;
139
536
  break;
140
795
    case '\0':
141
  /* no zone specified, use local time */
142
795
  tm.tm_isdst = -1;
143
795
  islocal = true;
144
795
  break;
145
488
    default:
146
488
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
147
488
      "unable to parse general time string %s", timestr);
148
488
  debug_return_time_t(-1);
149
3.03k
    }
150
2.24k
    if (*cp != '\0') {
151
486
  sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
152
486
      "trailing garbage in general time string %s", timestr);
153
486
  debug_return_time_t(-1);
154
486
    }
155
156
    /* Adjust from Generalized Time to struct tm */
157
1.75k
    tm.tm_year -= 1900;
158
1.75k
    tm.tm_mon--;
159
160
1.75k
    if (islocal) {
161
795
  result = mktime(&tm);
162
964
    } else {
163
964
  result = timegm(&tm);
164
964
  if (result != -1) {
165
      /* Adjust time based on supplied GMT offset. */
166
747
      result -= tzoff;
167
747
  }
168
964
    }
169
170
1.75k
    debug_return_time_t(result);
171
1.75k
}