netbsd-bugs: bin/1018: calendar does not check for end of strings when interpreting fields, this can lead to incorrect output.

Subject: bin/1018: calendar does not check for end of strings when interpreting fields, this can lead to incorrect output.
To: None <gnats-admin@sun-lamp.cs.berkeley.edu>
From: Douglas Thomas Crosher <dtc@scrooge.ee.swin.oz.au>
List: netbsd-bugs
Date: 05/04/1995 09:05:05

>Number:         1018
>Category:       bin
>Synopsis:       calendar does not check for end of string when interpreting fields, this can lead to incorrect output.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May  4 09:05:03 1995
>Originator:     Douglas Crosher
>Organization:
	Swinburne University
>Release:        NetBSD-current 4/5/1995
>Environment:

System: NetBSD dtc-pc 1.0A NetBSD 1.0A (DTC) #0: Sun Apr 30 07:05:34 EST 1995 dtc@dtc-pc:/usr/src/sys/arch/i386/compile/DTC i386

>Description:

	The routine which calendar uses to check for a current date in
the calendar files does not check for an end of string.  This can
cause problems because for some possible input lines the routine can
continue past the end of the string.  This subsequently leads to the
possibility of these lines being mis-interpreted and mistakenly output
as valid day entries.

>How-To-Repeat:

	I encountered the problem after upgrading to current and found
that the mail messages produced by 'calendar -a' were incorrect.

	I could reproduce the problem by creating a calendar file in
my home directory consisting of a single line of '%'s, and perhaps a
valid date.  When 'calendar -a' was run it outputs the line of '%'s.

>Fix:

I have included a patch below which adds checking for an end of string
to the field searching routines; this fixes the problem.


*** calendar.c.orig	Mon Mar 27 22:05:00 1995
--- calendar.c	Thu May  4 05:48:02 1995
***************
*** 254,260 ****
  	int val;
  	char *start, savech;
  
! 	for (; !isdigit(*p) && !isalpha(*p) && *p != '*'; ++p);
  	if (*p == '*') {			/* `*' is current month */
  		*flags |= F_ISMONTH;
  		*endp = p+1;
--- 254,260 ----
  	int val;
  	char *start, savech;
  
! 	for (; *p != '\0' && !isdigit(*p) && !isalpha(*p) && *p != '*'; ++p);
  	if (*p == '*') {			/* `*' is current month */
  		*flags |= F_ISMONTH;
  		*endp = p+1;
***************
*** 262,272 ****
  	}
  	if (isdigit(*p)) {
  		val = strtol(p, &p, 10);	/* if 0, it's failure */
! 		for (; !isdigit(*p) && !isalpha(*p) && *p != '*'; ++p);
  		*endp = p;
  		return (val);
  	}
! 	for (start = p; isalpha(*++p););
  	savech = *p;
  	*p = '\0';
  	if ((val = getmonth(start)) != 0)
--- 262,272 ----
  	}
  	if (isdigit(*p)) {
  		val = strtol(p, &p, 10);	/* if 0, it's failure */
! 		for (; *p != '\0' && !isdigit(*p) && !isalpha(*p) && *p != '*'; ++p);
  		*endp = p;
  		return (val);
  	}
! 	for (start = p; *p != '\0' && isalpha(*++p););
  	savech = *p;
  	*p = '\0';
  	if ((val = getmonth(start)) != 0)
***************
*** 277,283 ****
  		*p = savech;
  		return (0);
  	}
! 	for (*p = savech; !isdigit(*p) && !isalpha(*p) && *p != '*'; ++p);
  	*endp = p;
  	return (val);
  }
--- 277,283 ----
  		*p = savech;
  		return (0);
  	}
! 	for (*p = savech; *p!='\0' && !isdigit(*p) && !isalpha(*p) && *p != '*'; ++p);
  	*endp = p;
  	return (val);
  }
>Audit-Trail:
>Unformatted: