Authentication-Results: name.execsw.org; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=rkzwudjP; dkim=fail reason="signature verification failed" (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=rQgPbu6Y Received: by mail.netbsd.org (Postfix, from userid 605) id D838F84D54; Sun, 21 Apr 2024 08:56:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1713689811; bh=uID8pgSiT3TnLVnscAwa1bX8qQRKxFT2h/IQ231Vx0I=; h=Date:From:Subject:To:List-Id:Reply-To:List-Unsubscribe; b=rkzwudjPK30YlTa4m02CAnDtB0x+HMXb2ZpU5dhb52ZXU7pL1g8nn5d44zMZxJ8dB SRBy/N+iV9d+kZSGxq9JAHDf5Y2bpy0Mnq0i/AeNb9xgbV/7fbaJ4vKKcaDwPdWcFy bVQUDmzMQ+3BuQWBlTXxpLNVMPyh0jte7IStRXRA= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id C061584D51 for ; Sun, 21 Apr 2024 08:56:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id WMKg8XRMPzKH for ; Sun, 21 Apr 2024 08:56:49 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 544E684D26 for ; Sun, 21 Apr 2024 08:56:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1713689809; bh=uID8pgSiT3TnLVnscAwa1bX8qQRKxFT2h/IQ231Vx0I=; h=Date:From:Subject:To:Reply-To; b=rQgPbu6YmttSxI5oN06Z/FllnfWP3m4xnojILgs8AgNoCAoWDPm1aYO5ORPDHLfty qdlbsZoJ4gRkHphKZFNL4qu6ocyGgu9XTT6wY7331xKTyjV05XX5HOAfMBuK1cexOB Q4o77KEr2QOf+No9nDZaV+U233jqu72Oj5WThA2Q= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 4D79CFA2C; Sun, 21 Apr 2024 08:56:49 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Sun, 21 Apr 2024 08:56:49 +0000 From: "Roland Illig" Subject: CVS commit: src/usr.bin/make To: source-changes@NetBSD.org X-Mailer: log_accum Message-Id: <20240421085649.4D79CFA2C@cvs.NetBSD.org> Sender: source-changes-owner@NetBSD.org List-Id: Precedence: bulk Reply-To: source-changes-d@NetBSD.org Mail-Reply-To: "Roland Illig" Mail-Followup-To: source-changes-d@NetBSD.org List-Unsubscribe: Module Name: src Committed By: rillig Date: Sun Apr 21 08:56:49 UTC 2024 Modified Files: src/usr.bin/make: var.c Log Message: make: fix out-of-bounds read when evaluating :gmtime and :localtime The function TryParseTime takes a pointer to a string, but the LazyBuf returns a Substring, which is not guaranteed to be null-terminated or delimited. In TryParseTime, calling strtoul on the Substring read past the end of the substring. Noticed in the NetBSD build in libntp, where the :gmtime modifier is used in two places with the same timestamp value, of which the first was evaluated correctly and the second wasn't. The bug was introduced in var.c 1.1050 from 2023-05-09, when the argument of the :gmtime and :localtime modifiers was allowed to be an expression instead of an integer constant. To generate a diff of this commit: cvs rdiff -u -r1.1102 -r1.1103 src/usr.bin/make/var.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.