From a1e0a0e9286fbe90ca04cda9df38e72d8d18b0c1 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 14 Jun 2006 21:36:49 +0000
Subject: r16230: Fix Klocwork #861 and others. localtime and asctime can
 return NULL. Ensure we check all returns correctly. Jeremy. (This used to be
 commit 6c61dc8ed6d84f310ef391fb7700e93ef42c4afc)

---
 source3/auth/auth_sam.c   | 21 ++++++++++++++++++---
 source3/auth/pass_check.c | 10 ++++++++--
 2 files changed, 26 insertions(+), 5 deletions(-)

(limited to 'source3/auth')

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index e8018eb13d..ec405dd2be 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -77,6 +77,7 @@ static BOOL logon_hours_ok(struct samu *sampass)
 	const uint8 *hours;
 	struct tm *utctime;
 	time_t lasttime;
+	const char *asct;
 	uint8 bitmask, bitpos;
 
 	hours = pdb_get_hours(sampass);
@@ -87,6 +88,11 @@ static BOOL logon_hours_ok(struct samu *sampass)
 
 	lasttime = time(NULL);
 	utctime = gmtime(&lasttime);
+	if (!utctime) {
+		DEBUG(1, ("logon_hours_ok: failed to get gmtime. Failing logon for user %s\n",
+			pdb_get_username(sampass) ));
+		return False;
+	}
 
 	/* find the corresponding byte and bit */
 	bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168;
@@ -94,15 +100,24 @@ static BOOL logon_hours_ok(struct samu *sampass)
 
 	if (! (hours[bitpos/8] & bitmask)) {
 		struct tm *t = localtime(&lasttime);
+		if (!t) {
+			asct = "INVALID TIME";
+		} else {
+			asct = asctime(t);
+			if (!asct) {
+				asct = "INVALID TIME";
+			}
+		}
+		
 		DEBUG(1, ("logon_hours_ok: Account for user %s not allowed to "
 			  "logon at this time (%s).\n",
-			  pdb_get_username(sampass),
-			  t ? asctime(t) : "INVALID TIME"));
+			  pdb_get_username(sampass), asct ));
 		return False;
 	}
 
+	asct = asctime(utctime);
 	DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (%s)\n",
-		pdb_get_username(sampass), asctime(utctime) ));
+		pdb_get_username(sampass), asct ? asct : "UNKNOWN TIME" ));
 
 	return True;
 }
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index 507e8a3836..d0a900b80f 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -92,6 +92,7 @@ check on a DCE/DFS authentication
 ********************************************************************/
 static BOOL dfs_auth(char *user, char *password)
 {
+	struct tm *t;
 	error_status_t err;
 	int err2;
 	int prterr;
@@ -341,8 +342,13 @@ static BOOL dfs_auth(char *user, char *password)
 	set_effective_uid(0);
 	set_effective_gid(0);
 
-	DEBUG(0,
-	      ("DCE context expires: %s", asctime(localtime(&expire_time))));
+	t = localtime(&expire_time);
+	if (t) {
+		const char *asct = asctime(t);
+		if (asct) {
+			DEBUG(0,("DCE context expires: %s", asct));
+		}
+	}
 
 	dcelogin_atmost_once = 1;
 	return (True);
-- 
cgit