utils: Avoid array-lookup in is_time_legal()
```
../src/utils.c: In function ‘is_time_legal’:
../src/utils.c:213:22: error: use of attacker-controlled value ‘month’ in array lookup without checking for negative [CWE-129] [-Werror=analyzer-tainted-array-index]
213 | unsigned int rday = days[month];
| ^~~~
```
This isn't really the case, but GCC's analyzer currently thinks so, so
clean it up with a switch statement.
Change-Id: I60e0a6cb3ad275455fdc27de8042afe34c09ba60
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
diff --git a/src/utils.c b/src/utils.c
index a22c472..71ae500 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -201,6 +201,37 @@
((uint32_t)(dec2bcd16(dec / 10000)) << 16);
}
+static int day_map(uint8_t month)
+{
+ switch (month) {
+ case 1:
+ return 31;
+ case 2:
+ return 28;
+ case 3:
+ return 31;
+ case 4:
+ return 30;
+ case 5:
+ return 31;
+ case 6:
+ return 30;
+ case 7:
+ case 8:
+ return 31;
+ case 9:
+ return 30;
+ case 10:
+ return 31;
+ case 11:
+ return 30;
+ case 12:
+ return 31;
+ default:
+ return 0;
+ }
+}
+
LIBPLDM_ABI_STABLE
bool is_time_legal(uint8_t seconds, uint8_t minutes, uint8_t hours, uint8_t day,
uint8_t month, uint16_t year)
@@ -208,9 +239,7 @@
if (month < 1 || month > 12) {
return false;
}
- static const int days[13] = { 0, 31, 28, 31, 30, 31, 30,
- 31, 31, 30, 31, 30, 31 };
- int rday = days[month];
+ int rday = day_map(month);
if (month == 2 &&
((year % 4 == 0 && year % 100 != 0) || (year % 400 == 0))) {
rday += 1;