Opened 4 years ago

Last modified 2 years ago

#3447 new defect

Address potential integer overflow in time calculations

Reported by: stephen Owned by:
Priority: low Milestone: Outstanding Tasks
Component: libutil Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

Coverity has reported two issues (CID 1202661 and 1202662) in src/lib/util/time_utilities.cc:

157uint64_t
158timeFromText64(const string& time_txt) {
159    // Confirm the source only consists digits.  sscanf() allows some
160    // minor exceptions.
161    for (string::size_type i = 0; i < time_txt.length(); ++i) {
162        if (!isdigit(time_txt.at(i))) {
163            isc_throw(InvalidTime, "Couldn't convert non-numeric time value: "
164                      << time_txt);
165        }
166    }
167
168    int year, month, day, hour, minute, second;
169    if (time_txt.length() != DATE_LEN ||
170        sscanf(time_txt.c_str(), "%4d%2d%2d%2d%2d%2d",
171               &year, &month, &day, &hour, &minute, &second) != 6)
172    {
173        isc_throw(InvalidTime, "Couldn't convert time value: " << time_txt);
174    }
175
176    checkRange(1970, 9999, year, "year");
177    checkRange(1, 12, month, "month");
178    checkRange(1, days[month - 1] + ((month == 2 && isLeap(year)) ? 1 : 0),
179            day, "day");
180    checkRange(0, 23, hour, "hour");
181    checkRange(0, 59, minute, "minute");
182    checkRange(0, 60, second, "second"); // 60 == leap second.
183
   
CID 1202661: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) [select issue]
   
CID 1202662 (#1 of 1): Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)overflow_before_widen: Potentially overflowing expression 3600 * hour with type int (32 bits, signed) is evaluated using 32-bit arithmetic before being used in a context which expects an expression of type uint64_t (64 bits, unsigned). To avoid overflow, cast either operand to uint64_t before performing the multiplication.
184    uint64_t timeval = second + (60 * minute) + (3600 * hour) +
185        ((day - 1) * 86400);

Subtickets

Change History (4)

comment:1 Changed 4 years ago by tomek

  • Milestone changed from Kea-proposed to Kea1.0

comment:2 Changed 3 years ago by stephen

  • Component changed from Unclassified to libutil
  • Version set to git

comment:3 Changed 2 years ago by stephen

  • Milestone changed from Kea1.0 to DHCP Outstanding Tasks

Per Kea planning meeting in October, move out of 1.0.

comment:4 Changed 2 years ago by tomek

  • Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks

Milestone renamed

Note: See TracTickets for help on using tickets.