2022-06-21 12:22:36 +02:00
|
|
|
/*
|
|
|
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
|
*
|
|
|
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
*
|
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
|
*
|
|
|
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
* information regarding copyright ownership.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*! \file */
|
|
|
|
|
|
|
|
|
|
#include <ctype.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <inttypes.h>
|
|
|
|
|
#include <stdbool.h>
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
#include <stdint.h>
|
2022-06-21 12:22:36 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
|
|
#include <isc/buffer.h>
|
|
|
|
|
#include <isc/parseint.h>
|
|
|
|
|
#include <isc/region.h>
|
|
|
|
|
#include <isc/result.h>
|
|
|
|
|
#include <isc/string.h>
|
|
|
|
|
#include <isc/util.h>
|
|
|
|
|
|
2022-06-27 16:31:43 +02:00
|
|
|
#include <dns/ttl.h>
|
|
|
|
|
|
2022-06-21 12:22:36 +02:00
|
|
|
#include <isccfg/duration.h>
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* isccfg_duration_fromtext initially taken from OpenDNSSEC code base.
|
|
|
|
|
* Modified to fit the BIND 9 code.
|
|
|
|
|
*/
|
|
|
|
|
isc_result_t
|
|
|
|
|
isccfg_duration_fromtext(isc_textregion_t *source,
|
|
|
|
|
isccfg_duration_t *duration) {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
char buf[CFG_DURATION_MAXLEN] = { 0 };
|
2022-06-21 12:22:36 +02:00
|
|
|
char *P, *X, *T, *W, *str;
|
|
|
|
|
bool not_weeks = false;
|
|
|
|
|
int i;
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
long long int lli;
|
2024-03-08 12:12:50 +01:00
|
|
|
char *endptr;
|
2022-06-21 12:22:36 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Copy the buffer as it may not be NULL terminated.
|
|
|
|
|
*/
|
|
|
|
|
if (source->length > sizeof(buf) - 1) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
/* Copy source->length bytes and NULL terminate. */
|
|
|
|
|
snprintf(buf, sizeof(buf), "%.*s", (int)source->length, source->base);
|
|
|
|
|
str = buf;
|
|
|
|
|
|
|
|
|
|
/* Clear out duration. */
|
|
|
|
|
for (i = 0; i < 7; i++) {
|
|
|
|
|
duration->parts[i] = 0;
|
|
|
|
|
}
|
|
|
|
|
duration->iso8601 = false;
|
|
|
|
|
duration->unlimited = false;
|
|
|
|
|
|
|
|
|
|
/* Every duration starts with 'P' */
|
2022-08-19 11:13:59 +10:00
|
|
|
if (toupper((unsigned char)str[0]) != 'P') {
|
2022-06-21 12:22:36 +02:00
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
2022-06-24 09:58:40 +02:00
|
|
|
P = str;
|
2022-06-21 12:22:36 +02:00
|
|
|
|
|
|
|
|
/* Record the time indicator. */
|
|
|
|
|
T = strpbrk(str, "Tt");
|
|
|
|
|
|
|
|
|
|
/* Record years. */
|
|
|
|
|
X = strpbrk(str, "Yy");
|
|
|
|
|
if (X != NULL) {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
errno = 0;
|
2024-03-08 12:12:50 +01:00
|
|
|
endptr = NULL;
|
|
|
|
|
lli = strtoll(str + 1, &endptr, 10);
|
|
|
|
|
if (*endptr != *X) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
duration->parts[0] = (uint32_t)lli;
|
2022-06-21 12:22:36 +02:00
|
|
|
str = X;
|
|
|
|
|
not_weeks = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Record months. */
|
|
|
|
|
X = strpbrk(str, "Mm");
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* M could be months or minutes. This is months if there is no time
|
|
|
|
|
* part, or this M indicator is before the time indicator.
|
|
|
|
|
*/
|
|
|
|
|
if (X != NULL && (T == NULL || (size_t)(X - P) < (size_t)(T - P))) {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
errno = 0;
|
2024-03-08 12:12:50 +01:00
|
|
|
lli = strtoll(str + 1, &endptr, 10);
|
|
|
|
|
if (*endptr != *X) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
duration->parts[1] = (uint32_t)lli;
|
2022-06-21 12:22:36 +02:00
|
|
|
str = X;
|
|
|
|
|
not_weeks = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Record days. */
|
|
|
|
|
X = strpbrk(str, "Dd");
|
|
|
|
|
if (X != NULL) {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
errno = 0;
|
2024-03-08 12:12:50 +01:00
|
|
|
lli = strtoll(str + 1, &endptr, 10);
|
|
|
|
|
if (*endptr != *X) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
duration->parts[3] = (uint32_t)lli;
|
2022-06-21 12:22:36 +02:00
|
|
|
str = X;
|
|
|
|
|
not_weeks = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Time part? */
|
|
|
|
|
if (T != NULL) {
|
|
|
|
|
str = T;
|
|
|
|
|
not_weeks = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Record hours. */
|
|
|
|
|
X = strpbrk(str, "Hh");
|
|
|
|
|
if (X != NULL && T != NULL) {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
errno = 0;
|
2024-03-08 12:12:50 +01:00
|
|
|
lli = strtoll(str + 1, &endptr, 10);
|
|
|
|
|
if (*endptr != *X) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
duration->parts[4] = (uint32_t)lli;
|
2022-06-21 12:22:36 +02:00
|
|
|
str = X;
|
|
|
|
|
not_weeks = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Record minutes. */
|
|
|
|
|
X = strpbrk(str, "Mm");
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* M could be months or minutes. This is minutes if there is a time
|
|
|
|
|
* part and the M indicator is behind the time indicator.
|
|
|
|
|
*/
|
|
|
|
|
if (X != NULL && T != NULL && (size_t)(X - P) > (size_t)(T - P)) {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
errno = 0;
|
2024-03-08 12:12:50 +01:00
|
|
|
lli = strtoll(str + 1, &endptr, 10);
|
|
|
|
|
if (*endptr != *X) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
duration->parts[5] = (uint32_t)lli;
|
2022-06-21 12:22:36 +02:00
|
|
|
str = X;
|
|
|
|
|
not_weeks = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Record seconds. */
|
|
|
|
|
X = strpbrk(str, "Ss");
|
|
|
|
|
if (X != NULL && T != NULL) {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
errno = 0;
|
2024-03-08 12:12:50 +01:00
|
|
|
lli = strtoll(str + 1, &endptr, 10);
|
|
|
|
|
if (*endptr != *X) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
duration->parts[6] = (uint32_t)lli;
|
2022-06-21 12:22:36 +02:00
|
|
|
str = X;
|
|
|
|
|
not_weeks = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Or is the duration configured in weeks? */
|
|
|
|
|
W = strpbrk(buf, "Ww");
|
|
|
|
|
if (W != NULL) {
|
|
|
|
|
if (not_weeks) {
|
|
|
|
|
/* Mix of weeks and other indicators is not allowed */
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
} else {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
errno = 0;
|
2024-03-08 12:12:50 +01:00
|
|
|
lli = strtoll(str + 1, &endptr, 10);
|
|
|
|
|
if (*endptr != *W) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
duration->parts[2] = (uint32_t)lli;
|
2022-06-21 12:22:36 +02:00
|
|
|
str = W;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Deal with trailing garbage. */
|
|
|
|
|
if (str[1] != '\0') {
|
|
|
|
|
return (ISC_R_BADNUMBER);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
duration->iso8601 = true;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2022-06-27 16:31:43 +02:00
|
|
|
|
|
|
|
|
isc_result_t
|
|
|
|
|
isccfg_parse_duration(isc_textregion_t *source, isccfg_duration_t *duration) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
|
|
|
|
|
REQUIRE(duration != NULL);
|
|
|
|
|
|
|
|
|
|
duration->unlimited = false;
|
|
|
|
|
result = isccfg_duration_fromtext(source, duration);
|
|
|
|
|
if (result == ISC_R_BADNUMBER) {
|
|
|
|
|
/* Fallback to dns_ttl_fromtext. */
|
|
|
|
|
uint32_t ttl;
|
|
|
|
|
result = dns_ttl_fromtext(source, &ttl);
|
|
|
|
|
if (result == ISC_R_SUCCESS) {
|
|
|
|
|
/*
|
|
|
|
|
* With dns_ttl_fromtext() the information on optional
|
|
|
|
|
* units is lost, and is treated as seconds from now on.
|
|
|
|
|
*/
|
|
|
|
|
duration->iso8601 = false;
|
|
|
|
|
duration->parts[6] = ttl;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uint32_t
|
|
|
|
|
isccfg_duration_toseconds(const isccfg_duration_t *duration) {
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
uint64_t seconds = 0;
|
2022-06-27 16:31:43 +02:00
|
|
|
|
|
|
|
|
REQUIRE(duration != NULL);
|
|
|
|
|
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
seconds += (uint64_t)duration->parts[6]; /* Seconds */
|
|
|
|
|
seconds += (uint64_t)duration->parts[5] * 60; /* Minutes */
|
|
|
|
|
seconds += (uint64_t)duration->parts[4] * 3600; /* Hours */
|
|
|
|
|
seconds += (uint64_t)duration->parts[3] * 86400; /* Days */
|
|
|
|
|
seconds += (uint64_t)duration->parts[2] * 86400 * 7; /* Weeks */
|
2022-06-27 16:31:43 +02:00
|
|
|
/*
|
|
|
|
|
* The below additions are not entirely correct
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
* because days may vary per month and per year.
|
2022-06-27 16:31:43 +02:00
|
|
|
*/
|
Handle large numbers when parsing/printing a duration
The isccfg_duration_fromtext() function is truncating large numbers
to 32 bits instead of capping or rejecting them, i.e. 64424509445,
which is 0xf00000005, gets parsed as 32-bit value 5 (0x00000005).
Fail parsing a duration if any of its components is bigger than
32 bits. Using those kind of big numbers has no practical use case
for a duration.
The isccfg_duration_toseconds() function can overflow the 32 bit
seconds variable when calculating the duration from its component
parts.
To avoid that, use 64-bit calculation and return UINT32_MAX if the
calculated value is bigger than UINT32_MAX. Again, a number this big
has no practical use case anyway.
The buffer for the generated duration string is limited to 64 bytes,
which, in theory, is smaller than the longest possible generated
duration string.
Use 80 bytes instead, calculated by the '7 x (10 + 1) + 3' formula,
where '7' is the count of the duration's parts (year, month, etc.), '10'
is their maximum length when printed as a decimal number, '1' is their
indicator character (Y, M, etc.), and 3 is two more indicators (P and T)
and the terminating NUL character.
2022-10-17 08:45:45 +00:00
|
|
|
seconds += (uint64_t)duration->parts[1] * 86400 * 31; /* Months */
|
|
|
|
|
seconds += (uint64_t)duration->parts[0] * 86400 * 365; /* Years */
|
|
|
|
|
|
|
|
|
|
return (seconds > UINT32_MAX ? UINT32_MAX : (uint32_t)seconds);
|
2022-06-27 16:31:43 +02:00
|
|
|
}
|
