Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / libcper / 596c59e92c4982ad325f60e8d0b3fc4f0cb24596^! / . / cper-utils.c
commit596c59e92c4982ad325f60e8d0b3fc4f0cb24596[log] [tgz]
authorEd Tanous <etanous@nvidia.com>Mon Mar 10 13:15:58 2025 -0700
committerEd Tanous <ed@tanous.net>Tue Mar 18 22:55:13 2025 +0000
tree7d0d47b570b7efa68334b202e3787c1572569a0c
parent73498f66c58efc3f11dd3da21f066a9fd8a8167e [diff] [blame]
Fix timestamp handling

timestamp_to_string can fail in unexpected ways.  It attempts to do some
level of error checks, but doesn't return the result of those back to
the caller, which means that this can possibly read from unpopulated
memory.

Adjust the prototype and fix the issues in this helper function.

Change-Id: I9df2dc17142b1fd3a686fd852ac80f4691fd25be
Signed-off-by: Ed Tanous <etanous@nvidia.com>

diff --git a/cper-utils.c b/cper-utils.c
index d36e944..6c76156 100644
--- a/cper-utils.c
+++ b/cper-utils.c

@@ -318,22 +318,47 @@
 
 //Converts a single EFI timestamp to string, at the given output.
 //Output must be at least TIMESTAMP_LENGTH bytes long.
-void timestamp_to_string(char *out, int out_len,
-			 EFI_ERROR_TIME_STAMP *timestamp)
+int timestamp_to_string(char *out, int out_len, EFI_ERROR_TIME_STAMP *timestamp)
 {
+	//Cannot go to three digits.
+	int century = bcd_to_int(timestamp->Century) % 100;
+	if (century >= 100) {
+		return -1;
+	}
+	int year = bcd_to_int(timestamp->Year) % 100;
+	if (year >= 100) {
+		return -1;
+	}
+	int month = bcd_to_int(timestamp->Month);
+	if (month > 12) {
+		return -1;
+	}
+	int day = bcd_to_int(timestamp->Day);
+	if (day > 31) {
+		return -1;
+	}
+	int hours = bcd_to_int(timestamp->Hours);
+	if (hours >= 24) {
+		return -1;
+	}
+	int minutes = bcd_to_int(timestamp->Minutes);
+	if (minutes > 60) {
+		return -1;
+	}
+	int seconds = bcd_to_int(timestamp->Seconds);
+	if (seconds >= 60) {
+		return -1;
+	}
 	int written = snprintf(
 		out, out_len,
 		"%02hhu%02hhu-%02hhu-%02hhuT%02hhu:%02hhu:%02hhu+00:00",
-		bcd_to_int(timestamp->Century) %
-			100,			   //Cannot go to three digits.
-		bcd_to_int(timestamp->Year) % 100, //Cannot go to three digits.
-		bcd_to_int(timestamp->Month), bcd_to_int(timestamp->Day),
-		bcd_to_int(timestamp->Hours), bcd_to_int(timestamp->Minutes),
-		bcd_to_int(timestamp->Seconds));
+		century, year, month, day, hours, minutes, seconds);
 
 	if (written < 0 || written >= out_len) {
 		printf("Timestamp buffer of insufficient size\n");
+		return -1;
 	}
+	return 0;
 }
 
 //Converts a single timestamp string to an EFI timestamp.