Blob Blame Raw
From 5f0aab1fccab4c191b2083aea88e28856caf1a4c Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 14 Jul 2015 10:09:00 -0400
Subject: [PATCH 18/20] Ticket 47910 - logconv.pl - validate start and end time
 args

Description:  Add validatation checks for the startTime/endTime configuration
              arguments(-S, -E)

https://fedorahosted.org/389/ticket/47910

Reviewed by: rmeggins(Thanks!)

(cherry picked from commit 8495afa57ad837e3a51871a4f6da2a9978c8e711)
(cherry picked from commit 3bf1daaadd7e7c7b0f99d1f7a93d78598730269d)
---
 ldap/admin/src/logconv.pl | 65 +++++++++++++++++++++++++++++++++++------------
 1 file changed, 49 insertions(+), 16 deletions(-)

diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
index ce4114e..7ca9084 100755
--- a/ldap/admin/src/logconv.pl
+++ b/ldap/admin/src/logconv.pl
@@ -24,6 +24,7 @@ use DB_File;
 use sigtrap qw(die normal-signals);
 use Archive::Tar;
 use IO::Uncompress::AnyUncompress qw($AnyUncompressError);
+use Scalar::Util qw(looks_like_number);
 
 Getopt::Long::Configure ("bundling");
 Getopt::Long::Configure ("permute");
@@ -341,18 +342,18 @@ $connmsg{"P2"} = "Poll";
 $connmsg{"U1"} = "Cleanly Closed Connections";
 
 my %monthname = (
-	"Jan" => 0,
-	"Feb" => 1,
-	"Mar" => 2,
-	"Apr" => 3,
-	"May" => 4,
-	"Jun" => 5,
-	"Jul" => 6,
-	"Aug" => 7,
-	"Sep" => 8,
-	"Oct" => 9,
-	"Nov" => 10,
-	"Dec" => 11,
+	"jan" => 0,
+	"feb" => 1,
+	"mar" => 2,
+	"apr" => 3,
+	"may" => 4,
+	"jun" => 5,
+	"jul" => 6,
+	"aug" => 7,
+	"sep" => 8,
+	"oct" => 9,
+	"nov" => 10,
+	"dec" => 11,
 
 );
 
@@ -411,11 +412,27 @@ sub convertTimeToSeconds {
 	my $logDate;
 	my @dateComps;
 	my ($timeMonth, $timeDay, $timeYear, $dateTotal);
+	$dateTotal = 0;
 	if ($log_line =~ / *([0-9A-Z\/]+)/i ){
 		$logDate = $1;
 		@dateComps = split /\//, $logDate;
-
-		$timeMonth = 1 + $monthname{$dateComps[1]};
+		if ($#dateComps < 2) {
+			print "The date string ($log_line) is invalid, exiting...\n";
+			exit(1);
+		}
+		if (!looks_like_number($dateComps[0]) || length $dateComps[0] != 2) {
+			print "The date string ($log_line) has invalid day ($dateComps[0]), exiting...\n";
+			exit(1);
+		}
+		if ($monthname{lc $dateComps[1]} eq "") {
+			print "The date string ($log_line) has invalid month ($dateComps[1]), exiting...\n";
+			exit(1);
+		}
+		if (!looks_like_number($dateComps[2]) || length $dateComps[2] != 4 ) {
+			print "The date string ($log_line) has invalid year ($dateComps[2]), exiting...\n";
+			exit(1);
+		}
+		$timeMonth = 1 + $monthname{lc $dateComps[1]};
 		$timeMonth = $timeMonth * 3600 * 24 * 30;
 		$timeDay= $dateComps[0] * 3600 * 24;
 		$timeYear = $dateComps[2] * 365 * 3600 * 24;
@@ -425,10 +442,26 @@ sub convertTimeToSeconds {
 	my $logTime;
 	my @timeComps;
 	my ($timeHour, $timeMinute, $timeSecond, $timeTotal);
+	$timeTotal = 0;
 	if ($log_line =~ / *(:[0-9:]+)/i ){
 		$logTime = $1;
 		@timeComps = split /:/, $logTime;
-
+		if ($#timeComps < 3) {
+			print "The time string ($log_line) is invalid, exiting...\n";
+			exit(1);
+		}
+		if (!looks_like_number($timeComps[1]) || length $timeComps[1] != 2){
+			print "The time string ($log_line) has invalid hour ($timeComps[1]), exiting...\n";
+			exit(1);
+		}
+		if (!looks_like_number($timeComps[2]) || length $timeComps[2] != 2){
+			print "The time string ($log_line) has invalid minute ($timeComps[2]), exiting...\n";
+			exit(1);
+		}
+		if (!looks_like_number($timeComps[3]) || length $timeComps[3] != 2){
+			print "The time string ($log_line) has invalid second ($timeComps[3]), exiting...\n";
+			exit(1);
+		}
 		$timeHour = $timeComps[1] * 3600;
 		$timeMinute = $timeComps[2] * 60;
 		$timeSecond = $timeComps[3];
@@ -1796,7 +1829,7 @@ sub parseLineNormal
 		}
 		my ($date, $hr, $min, $sec) = split (':', $time);
 		my ($day, $mon, $yr) = split ('/', $date);
-		my $newmin = timegm(0, $min, $hr, $day, $monthname{$mon}, $yr) - $tzoff;
+		my $newmin = timegm(0, $min, $hr, $day, $monthname{lc $mon}, $yr) - $tzoff;
 		$gmtime = $newmin + $sec;
 		print_stats_block( $s_stats );
 		reset_stats_block( $s_stats, $gmtime, $time.' '.$tzone );
-- 
1.9.3