ip: handle NULL return from localtime in strxf_time in

Commit Message

Anton Moryakov Feb. 16, 2025, 2:25 a.m. UTC

Static analyzer reported:
Pointer 'tp', returned from function 'localtime' at ipxfrm.c:352, may be NULL 
and is dereferenced at ipxfrm.c:354 by calling function 'strftime'.

Corrections explained:
The function localtime() may return NULL if the provided time value is
invalid. This commit adds a check for NULL and handles the error case
by copying "invalid-time" into the output buffer.
Unlikely, but may return an error

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>

---
 ip/ipxfrm.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Stephen Hemminger Feb. 16, 2025, 4:41 a.m. UTC | #1

On Sun, 16 Feb 2025 05:25:23 +0300
Anton Moryakov <ant.v.moryakov@gmail.com> wrote:

> Static analyzer reported:
> Pointer 'tp', returned from function 'localtime' at ipxfrm.c:352, may be NULL 
> and is dereferenced at ipxfrm.c:354 by calling function 'strftime'.
> 
> Corrections explained:
> The function localtime() may return NULL if the provided time value is
> invalid. This commit adds a check for NULL and handles the error case
> by copying "invalid-time" into the output buffer.
> Unlikely, but may return an error
> 
> Triggers found by static analyzer Svace.
> 
> Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>

Seems like you are creating dead code. Unless glibc is broken
this can never happen.

Patch

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index 90d25aac..9bfd96ab 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -351,7 +351,12 @@  static const char *strxf_time(__u64 time)
 		t = (long)time;
 		tp = localtime(&t);
 
-		strftime(str, sizeof(str), "%Y-%m-%d %T", tp);
+		if (!tp) {
+			/* Handle error case */
+			strcpy(str, "invalid-time");
+		} else {
+			strftime(str, sizeof(str), "%Y-%m-%d %T", tp);
+		}
 	}
 
 	return str;