From ea6cb9defff80af87a2b5343f5418aa49677dea2 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Mon, 20 Aug 2018 06:24:51 +0000 Subject: Since we can feed localtime(3) with garbage input, or with input it cannot interpret, we always need to check its return value, and in the case it's NULL then error and exit before proceeding further otherwise in this specific program we would find a null dereference down the road which would make the program segfault. OK cheloha@ --- usr.sbin/ac/ac.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'usr.sbin') diff --git a/usr.sbin/ac/ac.c b/usr.sbin/ac/ac.c index 97d0f82034e..f0005cea8a9 100644 --- a/usr.sbin/ac/ac.c +++ b/usr.sbin/ac/ac.c @@ -410,6 +410,8 @@ ac(FILE *fp) prev = usr.ut_time; if (Flags & AC_D) { ltm = localtime(&usr.ut_time); + if (ltm == NULL) + err(1, "localtime"); if (day >= 0 && day != ltm->tm_yday) { day = ltm->tm_yday; /* @@ -461,6 +463,8 @@ ac(FILE *fp) if (Flags & AC_D) { ltm = localtime(&usr.ut_time); + if (ltm == NULL) + err(1, "localtime"); if (day >= 0 && day != ltm->tm_yday) { /* * print yesterday's total -- cgit v1.2.3