printing: avoid crash in LPRng_time

douglasbagnall · abartlet · commit fc267567a072 · 2021-07-05T05:07:13.000Z
If the string is too shhort we don't want to atoi() whatever is beyond
the end of it.

Found using Honggfuzz and the fuzz_parse_lpq_entry fuzzer.

Signed-off-by: Douglas Bagnall &lt;douglas.bagnall@catalyst.net.nz&gt;
Reviewed-by: Andrew Bartlett &lt;abartlet@samba.org&gt;

Autobuild-User(master): Andrew Bartlett &lt;abartlet@samba.org&gt;
Autobuild-Date(master): Mon Jul  5 05:07:13 UTC 2021 on sn-devel-184
diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c
@@ -223,10 +223,16 @@ static time_t LPRng_time(char *time_string)
 	}
 
 	if ( atoi(time_string) < 24 ){
+		if (strlen(time_string) < 7) {
+			return (time_t)-1;
+		}
 		t->tm_hour = atoi(time_string);
 		t->tm_min = atoi(time_string+3);
 		t->tm_sec = atoi(time_string+6);
 	} else {
+		if (strlen(time_string) < 18) {
+			return (time_t)-1;
+		}
 		t->tm_year = atoi(time_string)-1900;
 		t->tm_mon = atoi(time_string+5)-1;
 		t->tm_mday = atoi(time_string+8);
