basic/time-util: make parsing of dual_timestamp more strict

[elogind.git] / src / basic / time-util.c

diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index 1fcbbaa478aed679e808b81c4e256aa735103ebf..f6d5621ed34f1839ec86fc11b3e9e6a4e3bdbc52 100644 (file)
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -218,7 +218,7 @@ struct timespec *timespec_store(struct timespec *ts, usec_t u)  {
         assert(ts);
 
         if (u == USEC_INFINITY ||
-            u / USEC_INFINITY >= TIME_T_MAX) {
+            u / USEC_PER_SEC >= TIME_T_MAX) {
                 ts->tv_sec = (time_t) -1;
                 ts->tv_nsec = (long) -1;
                 return ts;
@@ -565,16 +565,30 @@ void dual_timestamp_serialize(FILE *f, const char *name, dual_timestamp *t) {
 }
 
 int dual_timestamp_deserialize(const char *value, dual_timestamp *t) {
-        unsigned long long a, b;
+        uint64_t a, b;
+        int r, pos;
 
         assert(value);
         assert(t);
 
-        if (sscanf(value, "%llu %llu", &a, &b) != 2) {
-                log_debug("Failed to parse dual timestamp value \"%s\": %m", value);
+        pos = strspn(value, WHITESPACE);
+        if (value[pos] == '-')
+                return -EINVAL;
+        pos += strspn(value + pos, DIGITS);
+        pos += strspn(value + pos, WHITESPACE);
+        if (value[pos] == '-')
+                return -EINVAL;
+
+        r = sscanf(value, "%" PRIu64 "%" PRIu64 "%n", &a, &b, &pos);
+        if (r != 2) {
+                log_debug("Failed to parse dual timestamp value \"%s\".", value);
                 return -EINVAL;
         }
 
+        if (value[pos] != '\0')
+                /* trailing garbage */
+                return -EINVAL;
+
         t->realtime = a;
         t->monotonic = b;
 
@@ -857,6 +871,8 @@ from_tm:
                 return -EINVAL;
 
 finish:
+        if (ret + plus < ret) /* overflow? */
+                return -EINVAL;
         ret += plus;
         if (ret > USEC_TIMESTAMP_FORMATTABLE_MAX)
                 return -EINVAL;