From 486affdf2880485578bb54c7f6d4789cae396acb Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Fri, 19 May 2017 14:49:06 -0400
Subject: [PATCH] basic/time-util: make parsing of dual_timestamp more strict

*scanf functions set errno on i/o error. For sscanf, this doesn't really apply, so (based on the man page), it seems that errno is unlikely to be ever set to a useful value. So just ignore errno. The error message includes the string that was parsed, so it should be always pretty clear why parsing failed. On the other hand, detect trailing characters and minus prefix that weren't converted properly. This matches what our safe_ato* functions do. Add tests to elucidate various edge cases.
---
 src/basic/time-util.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index a2b57f872..f6d5621ed 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -566,15 +566,29 @@ void dual_timestamp_serialize(FILE *f, const char *name, dual_timestamp *t) {
 int dual_timestamp_deserialize(const char *value, dual_timestamp *t) {
 uint64_t a, b;
+ int r, pos;
 assert(value);
 assert(t);
- if (sscanf(value, "%" PRIu64 "%" PRIu64, &a, &b) != 2) {
- log_debug("Failed to parse dual timestamp value \"%s\": %m", value);
+ pos = strspn(value, WHITESPACE);
+ if (value[pos] == '-')
+ return -EINVAL;
+ pos += strspn(value + pos, DIGITS);
+ pos += strspn(value + pos, WHITESPACE);
+ if (value[pos] == '-')
+ return -EINVAL;
+
+ r = sscanf(value, "%" PRIu64 "%" PRIu64 "%n", &a, &b, &pos);
+ if (r != 2) {
+ log_debug("Failed to parse dual timestamp value \"%s\".", value);
 return -EINVAL;
 }
+ if (value[pos] != '\0')
+ /* trailing garbage */
+ return -EINVAL;
+
 t->realtime = a;
 t->monotonic = b;
-- 
2.30.2
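Review bot: The `sscanf(value, "%" PRIu64 "%" PRIu64 "%n", &a, &b, &pos)` call still cannot reject a digit string too large for uint64_t. The new checks cover a minus prefix and trailing characters, but an out-of-range conversion in sscanf is undefined by the C standard and in practice tends to produce a saturated value with `r == 2`, so a corrupted or tampered serialized timestamp would be accepted as valid. Since the description says this should match the safe_ato* helpers, I would parse both fields with strtoull and treat ERANGE as a failure, which also replaces the `%n` bookkeeping and makes `r` unnecessary. This assumes unsigned long long and uint64_t have the same width on the supported targets. The function body continues past the end of the hunk.

```c
int dual_timestamp_deserialize(const char *value, dual_timestamp *t) {
        uint64_t a, b;
        char *e1, *e2;
        int pos;

        /* … unchanged: asserts and the two '-' prefix checks using pos … */

        errno = 0;
        a = strtoull(value, &e1, 10);
        b = strtoull(e1, &e2, 10);
        /* no digits for either field, overflow in either field, or trailing garbage */
        if (e1 == value || e2 == e1 || errno == ERANGE || *e2 != '\0') {
                log_debug("Failed to parse dual timestamp value \"%s\".", value);
                return -EINVAL;
        }

        /* … unchanged: assignment to t->realtime and t->monotonic … */
```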