From 8e326f2f626cb45a17f7576caf18160f6dd4eab5 Mon Sep 17 00:00:00 2001 From: Andy McFadden Date: Thu, 21 Sep 2017 12:20:16 -0700 Subject: [PATCH] Fix for issue #20 Reject NuDateTime structs with invalid fields. Passing bogus values to the ATL CTime constructor does bad things. --- DIST/License.txt | 2 +- app/NufxArchive.cpp | 15 +++++++++++++-- nufxlib/ChangeLog.txt | 2 ++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/DIST/License.txt b/DIST/License.txt index ce3e5f3..0094241 100644 --- a/DIST/License.txt +++ b/DIST/License.txt @@ -1,5 +1,5 @@ End-User License Agreement for CiderPress -Copyright (c) 2016, CiderPress project authors +Copyright (C) 2017, CiderPress project authors All rights reserved. AGREEMENT. After reading this agreement carefully, if you ("Customer") do diff --git a/app/NufxArchive.cpp b/app/NufxArchive.cpp index 98cd1ad..034ba9b 100644 --- a/app/NufxArchive.cpp +++ b/app/NufxArchive.cpp @@ -835,6 +835,7 @@ NuResult NufxArchive::ContentFunc(NuArchive* pArchive, void* vpRecord) pDateTime->extra == 0 && pDateTime->weekDay == 0) { + // not invalid; just no date set return kDateNone; } @@ -858,8 +859,17 @@ NuResult NufxArchive::ContentFunc(NuArchive* pArchive, void* vpRecord) //LOGI(" Ignoring funky year %ld", year); return kDateInvalid; } - if (pDateTime->month > 11) + + // Must range-check values before passing them to CTime constructor, which + // now throws a remarkably fatal exception. + if (pDateTime->month > 11 || // [0,11] + pDateTime->day > 30 || // [0,30] + pDateTime->hour > 59 || // [0,59] + pDateTime->minute > 59 || // [0,59] + pDateTime->second > 59) { // [0,59] + return kDateInvalid; + } CTime modTime(year, pDateTime->month+1, @@ -867,7 +877,8 @@ NuResult NufxArchive::ContentFunc(NuArchive* pArchive, void* vpRecord) pDateTime->hour, pDateTime->minute, pDateTime->second); - return (time_t) modTime.GetTime(); + time_t result = (time_t)modTime.GetTime(); + return result; } /*static*/ NuResult NufxArchive::ArrayDeleteHandler(NuArchive* pArchive, void* ptr) diff --git a/nufxlib/ChangeLog.txt b/nufxlib/ChangeLog.txt index 9ca2f6d..628bb6f 100644 --- a/nufxlib/ChangeLog.txt +++ b/nufxlib/ChangeLog.txt @@ -1,3 +1,5 @@ +2017/09/21 ***** v3.1.0 shipped ***** + 2016/01/11 fadden - Fix handling of disk images (broken by previous change).