Low: libcrmcommon: Ignore empty time spec #4075
Open
nrwahl2 wants to merge 2 commits into ClusterLabs:main from
There is only one call site, and it NULL-checks the argument before the call.

Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
OSS Fuzz found an overflow in crm_time_subtract(), when crm_time_parse_period() was called with the argument "P2752S-596524H-22Y/T". The "T" after the slash was treated as a time spec. However, with nothing after the "T", this is malformed per the ISO 8601 specification.

Pacemaker's time parsing code set the number of seconds to INT_MIN at some point and then tried to negate that value. The fuzzer detected this as potential underflow.

We can avoid this by rejecting a time spec in parse_hms() if we cannot parse at least one field from it using sscanf(). The "rc == 0" test was failing because sscanf() returns EOF (a negative integer) when given the empty string after the "T" character. So, we simply check whether rc is less than 1.

Fixes https://issues.oss-fuzz.com/u/1/issues/473156224

Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
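The sscanf() return-value behaviour described in the commit message above, as an added example that is not code from this pull request or from Pacemaker. The helper names (`scan_rc`, `accepts_weak`, `accepts_strict`, `checked_negate`) and the `"%d:%d:%d"` format string are assumptions made for illustration; `checked_negate` only shows why negating INT_MIN is a problem and is not part of the change.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a time-spec scan; the format string is an
 * assumption, not Pacemaker's actual parse_hms() code. Returns the raw
 * sscanf() result: the number of fields converted, or EOF (negative)
 * when the input ends before the first conversion. */
static int scan_rc(const char *spec)
{
    int h = 0, m = 0, s = 0;

    return sscanf(spec, "%d:%d:%d", &h, &m, &s);
}

/* "Before" check: only rc == 0 is treated as a parse failure, so the
 * negative EOF from an empty spec is accepted as if it had parsed. */
static bool accepts_weak(const char *spec)
{
    return scan_rc(spec) != 0;
}

/* "After" check: anything below 1 (0 or EOF) is rejected. */
static bool accepts_strict(const char *spec)
{
    return scan_rc(spec) >= 1;
}

/* -INT_MIN is not representable in int, so refuse instead of overflowing. */
static bool checked_negate(int value, int *result)
{
    if (value == INT_MIN) {
        return false;
    }
    *result = -value;
    return true;
}

int main(void)
{
    /* Constructed sample inputs: empty, full, partial, non-numeric. */
    const char *samples[] = { "", "12:30:05", "12", "abc" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("\"%s\": rc=%d weak=%d strict=%d\n", samples[i],
               scan_rc(samples[i]), accepts_weak(samples[i]),
               accepts_strict(samples[i]));
    }
    return 0;
}
```

Only the empty string separates the two checks: it yields EOF, while the non-numeric sample yields 0 and is rejected by both.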