From: Philip Withnall Date: Tue, 2 May 2017 21:33:04 +0000 (+0100) Subject: libostree: Add missing checks for invalid timestamps X-Git-Tag: archive/raspbian/2022.1-3+rpi1~1^2~4^2~37^2~54 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4c731165bb945bff834ed6a4129c5305d841073a;p=ostree.git libostree: Add missing checks for invalid timestamps g_date_time_new_from_unix_utc() will not always return a valid GDateTime — if the input timestamp is too big, GDateTime cannot represent it, and the constructor returns NULL. Add some missing checks for these situations. We don’t ever expect timestamps to be this big, but they could be as a result of corruption or a malicious repository. Signed-off-by: Philip Withnall Closes: #825 Approved by: cgwalters --- diff --git a/src/libostree/ostree-gpg-verify-result.c b/src/libostree/ostree-gpg-verify-result.c index 73fbfeed..cd709b7c 100644 --- a/src/libostree/ostree-gpg-verify-result.c +++ b/src/libostree/ostree-gpg-verify-result.c @@ -562,6 +562,14 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant, key_id = (len > 16) ? fingerprint + len - 16 : fingerprint; date_time_utc = g_date_time_new_from_unix_utc (timestamp); + if (date_time_utc == NULL) + { + g_string_append_printf (output_buffer, + "Can't check signature: timestamp %" G_GINT64_FORMAT " is invalid\n", + timestamp); + return; + } + date_time_local = g_date_time_to_local (date_time_utc); formatted_date_time = g_date_time_format (date_time_local, "%c"); @@ -606,6 +614,14 @@ ostree_gpg_verify_result_describe_variant (GVariant *variant, if (exp_timestamp > 0) { date_time_utc = g_date_time_new_from_unix_utc (exp_timestamp); + if (date_time_utc == NULL) + { + g_string_append_printf (output_buffer, + "Signature expiry timestamp (%" G_GINT64_FORMAT ") is invalid\n", + exp_timestamp); + return; + } + date_time_local = g_date_time_to_local (date_time_utc); formatted_date_time = g_date_time_format (date_time_local, "%c"); diff --git a/src/libostree/ostree-sysroot-upgrader.c b/src/libostree/ostree-sysroot-upgrader.c index 4e7c8bf3..11d9706c 100644 --- a/src/libostree/ostree-sysroot-upgrader.c +++ b/src/libostree/ostree-sysroot-upgrader.c @@ -470,8 +470,15 @@ ostree_sysroot_upgrader_check_timestamps (OstreeRepo *repo, g_autofree char *old_ts_str = NULL; g_autofree char *new_ts_str = NULL; - g_assert (old_ts); - g_assert (new_ts); + if (old_ts == NULL || new_ts == NULL) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "Upgrade target revision '%s' timestamp (%" G_GINT64_FORMAT ") or current revision '%s' timestamp (%" G_GINT64_FORMAT ") is invalid", + to_rev, ostree_commit_get_timestamp (new_commit), + from_rev, ostree_commit_get_timestamp (old_commit)); + goto out; + } + old_ts_str = g_date_time_format (old_ts, "%c"); new_ts_str = g_date_time_format (new_ts, "%c"); g_date_time_unref (old_ts); diff --git a/src/ostree/ot-remote-cookie-util.c b/src/ostree/ot-remote-cookie-util.c index a96038aa..e3ca9eac 100644 --- a/src/ostree/ot-remote-cookie-util.c +++ b/src/ostree/ot-remote-cookie-util.c @@ -298,14 +298,18 @@ ot_list_cookies_at (int dfd, const char *jar_path, GError **error) while (ot_parse_cookies_next (parser)) { g_autoptr(GDateTime) expires = g_date_time_new_from_unix_utc (parser->expiration); - g_autofree char *expires_str = g_date_time_format (expires, "%Y-%m-%d %H:%M:%S +0000"); + g_autofree char *expires_str = NULL; + + if (expires != NULL) + expires_str = g_date_time_format (expires, "%Y-%m-%d %H:%M:%S +0000"); g_print ("--\n"); g_print ("Domain: %s\n", parser->domain); g_print ("Path: %s\n", parser->path); g_print ("Name: %s\n", parser->name); g_print ("Secure: %s\n", parser->secure); - g_print ("Expires: %s\n", expires_str); + if (expires_str != NULL) + g_print ("Expires: %s\n", expires_str); g_print ("Value: %s\n", parser->value); } #else