authorFlorian Obser <florian@cvs.openbsd.org>2024-04-28 16:43:44 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2024-04-28 16:43:44 +0000
commit42025f92ff4da26a97019d8b98eb0d9143a88724 (patch)
tree71bdb58759883b4566b5dbbfce52b62ca2800fd8 /sbin/isakmpd
parent09dd1ad3e6ca879f5fd074c8e48b533da6752986 (diff)
gmtime(3) / localtime(3) can fail when timestamps are way off.
Add missing error checks to all calls under sbin/ Input & OK millert
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/log.c8
-rw-r--r--sbin/isakmpd/policy.c16
-rw-r--r--sbin/isakmpd/x509.c22
3 files changed, 37 insertions, 9 deletions
diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c
index 5a0df1df5e9..4ba58bc5f1f 100644
--- a/sbin/isakmpd/log.c
+++ b/sbin/isakmpd/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.64 2018/01/15 09:54:48 mpi Exp $ */
+/* $OpenBSD: log.c,v 1.65 2024/04/28 16:43:42 florian Exp $ */
/* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */
/*
@@ -182,7 +182,11 @@ _log_print(int error, int syslog_level, const char *fmt, va_list ap,
if (log_output) {
gettimeofday(&now, 0);
t = now.tv_sec;
- tm = localtime(&t);
+ if ((tm = localtime(&t)) == NULL) {
+ /* Invalid time, use the epoch. */
+ t = 0;
+ tm = localtime(&t);
+ }
if (class >= 0)
snprintf(nbuf, sizeof nbuf,
"%02d%02d%02d.%06ld %s %02d ",
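Review bot: The retry `tm = localtime(&t)` inside the new block is used without a check, so if the epoch conversion also returns NULL the formatting that follows would dereference a null pointer, presumably through the `tm->` fields passed to the `snprintf` whose arguments lie outside this hunk. That is unlikely, but the logging path is the one place that should not crash on a bad clock; a zeroed fallback such as `static struct tm zero_tm; tm = &zero_tm;` avoids the second call entirely. The comment could also say that affected log lines carry an epoch time of day, so someone correlating logs later does not take those timestamps at face value.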
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 9dbf339c0db..d76f39099c8 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.102 2021/10/22 12:30:54 bluhm Exp $ */
+/* $OpenBSD: policy.c,v 1.103 2024/04/28 16:43:42 florian Exp $ */
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -1728,13 +1728,23 @@ policy_callback(char *name)
return phase_1;
if (strcmp(name, "GMTTimeOfDay") == 0) {
+ struct tm *tm;
tt = time(NULL);
- strftime(mytimeofday, 14, "%Y%m%d%H%M%S", gmtime(&tt));
+ if ((tm = gmtime(&tt)) == NULL) {
+ log_error("policy_callback: invalid time %lld", tt);
+ goto bad;
+ }
+ strftime(mytimeofday, 14, "%Y%m%d%H%M%S", tm);
return mytimeofday;
}
if (strcmp(name, "LocalTimeOfDay") == 0) {
+ struct tm *tm;
tt = time(NULL);
- strftime(mytimeofday, 14, "%Y%m%d%H%M%S", localtime(&tt));
+ if ((tm = localtime(&tt)) == NULL) {
+ log_error("policy_callback: invalid time %lld", tt);
+ goto bad;
+ }
+ strftime(mytimeofday, 14, "%Y%m%d%H%M%S", tm);
return mytimeofday;
}
if (strcmp(name, "initiator") == 0)
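Review bot: Both new `strftime(mytimeofday, 14, "%Y%m%d%H%M%S", tm)` calls still ignore the return value, and the size 14 leaves no room for the terminator. The format produces 14 characters for a four-digit year, so by the strftime contract the call returns 0 and the buffer contents are unspecified. A clock that is far off but still convertible (a year past 9999) makes the output longer still, which is the situation this commit is about. If `mytimeofday` is an array (its declaration is outside the hunk), `if (strftime(mytimeofday, sizeof mytimeofday, "%Y%m%d%H%M%S", tm) == 0) goto bad;` would cover both branches. The same pattern appears in the two x509.c hunks with `before` and `after`.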
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 989553897e2..fae735d423b 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.125 2022/01/16 14:30:11 naddy Exp $ */
+/* $OpenBSD: x509.c,v 1.126 2024/04/28 16:43:42 florian Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -222,8 +222,15 @@ x509_generate_kn(int id, X509 *cert)
if (((tm = X509_get_notBefore(cert)) == NULL) ||
(tm->type != V_ASN1_UTCTIME &&
tm->type != V_ASN1_GENERALIZEDTIME)) {
- tt = time(0);
- strftime(before, 14, "%Y%m%d%H%M%S", localtime(&tt));
+ struct tm *ltm;
+
+ tt = time(NULL);
+ if ((ltm = localtime(&tt)) == NULL) {
+ LOG_DBG((LOG_POLICY, 30,
+ "x509_generate_kn: invalid local time"));
+ goto fail;
+ }
+ strftime(before, 14, "%Y%m%d%H%M%S", ltm);
timecomp = "LocalTimeOfDay";
} else {
if (tm->data[tm->length - 1] == 'Z') {
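Review bot: The new localtime() failure path in x509_generate_kn reports only through `LOG_DBG((LOG_POLICY, 30, ...))`, whereas the matching check in policy.c uses `log_error`, so at default verbosity the function may bail out via `goto fail` with nothing in the log naming the system clock as the cause. Consider `log_error("x509_generate_kn: invalid local time");` here and in the second hunk (the `after` branch), so operators can tell a clock fault from a bad certificate. The second hunk also keeps `tt = time(0);` while this one switches to `time(NULL)`. The `fail` label and its cleanup are outside both hunks.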
@@ -312,8 +319,15 @@ x509_generate_kn(int id, X509 *cert)
if (tm == NULL ||
(tm->type != V_ASN1_UTCTIME &&
tm->type != V_ASN1_GENERALIZEDTIME)) {
+ struct tm *ltm;
+
tt = time(0);
- strftime(after, 14, "%Y%m%d%H%M%S", localtime(&tt));
+ if ((ltm = localtime(&tt)) == NULL) {
+ LOG_DBG((LOG_POLICY, 30,
+ "x509_generate_kn: invalid local time"));
+ goto fail;
+ }
+ strftime(after, 14, "%Y%m%d%H%M%S", ltm);
timecomp2 = "LocalTimeOfDay";
} else {
if (tm->data[tm->length - 1] == 'Z') {