From 439660c7fb02c17f43497fab3fa04bd59fe7ac53 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sat, 30 Jan 2021 09:29:31 -0700
Subject: [PATCH] Strict tz offset parsing. Fixes an out of bounds read found locally using libfuzzer/oss-fuzz.
---
 plugins/sudoers/gentime.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/plugins/sudoers/gentime.c b/plugins/sudoers/gentime.c
index efee05ec3..eb6d08147 100644
--- a/plugins/sudoers/gentime.c
+++ b/plugins/sudoers/gentime.c
@@ -104,6 +104,14 @@ parse_gentime(const char *timestr)
 /* No DST */
 tm.tm_isdst = 0;
+ /* time zone offset must be hh or hhmm */
+ len = strspn(cp + 1, "0123456789");
+ if (len != 2 && len != 4) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to parse time zone offset in %s, bad tz offset",
+ timestr);
+ debug_return_time_t(-1);
+ }
 /* parse time zone offset */
 items = sscanf(cp + 1, "%2d%2d", &hour, &min);
 if (items == EOF || items < 1) {
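Review bot: The comment above the new strspn() check says what is enforced but not why, which makes the check look redundant with the `items` test after sscanf() and easy to remove in a later cleanup. sscanf's `%2d` skips leading whitespace and accepts a sign, so a successful conversion does not prove that two digits were consumed; I would extend the comment to `/* tz offset must be exactly hh or hhmm digits; %2d alone also accepts whitespace and a sign */`. Separately, hour and min are not range-checked in the visible lines, so a constructed offset such as `+9999` passes both the length test and the sscanf() test here. parse_gentime starts before and continues after this hunk, so whether a range check follows cannot be seen from here. The commit touches only gentime.c, so the fuzzer input that triggered the out of bounds read is not added as a regression case.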