From owner-freebsd-standards@FreeBSD.ORG Mon Nov 5 11:06:39 2012 Return-Path: Delivered-To: freebsd-standards@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6B5F9CFC for ; Mon, 5 Nov 2012 11:06:39 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 503018FC1D for ; Mon, 5 Nov 2012 11:06:39 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qA5B6dOf001302 for ; Mon, 5 Nov 2012 11:06:39 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qA5B6ctf001300 for freebsd-standards@FreeBSD.org; Mon, 5 Nov 2012 11:06:38 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 5 Nov 2012 11:06:38 GMT Message-Id: <201211051106.qA5B6ctf001300@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-standards@FreeBSD.org Subject: Current problem reports assigned to freebsd-standards@FreeBSD.org X-BeenThere: freebsd-standards@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Standards compliance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2012 11:06:39 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o stand/173087 standards pax(1) does not support the pax interchange format o stand/172805 standards Fix catopen(3)'s EINVAL usage and document EFTYPE o stand/172276 standards POSIX: {get,set}groups gidsetsize is u_int not int o stand/172215 standards localeconv() grouping appears not to match POSIX o stand/170403 standards wrong ntohs expression type tickling clang o stand/170346 standards Changes to support waitid() and related stuff o stand/169697 standards syslogd(8) is not BOM aware o stand/166349 standards Support the assignment-allocation character for fscanf o stand/164787 standards dirfd() function not available when _POSIX_C_SOURCE is o kern/164674 standards [patch] [libc] vfprintf/vfwprintf return error (EOF) o o stand/162434 standards getaddrinfo: addrinfo.ai_family is an address family, o stand/150093 standards C++ std::locale support is broken o stand/130067 standards Wrong numeric limits in system headers? o stand/124860 standards flockfile(3) doesn't work when the memory has been exh o stand/121921 standards [patch] Add leap second support to at(1), atrun(8) o stand/116477 standards rm(1): rm behaves unexpectedly when using -r and relat o bin/116413 standards incorrect getconf(1) handling of unsigned constants gi o stand/116081 standards make does not work with the directive sinclude p stand/107561 standards [libc] [patch] [request] Missing SUS function tcgetsid o stand/100017 standards [Patch] Add fuser(1) functionality to fstat(1) a stand/86484 standards [patch] mkfifo(1) uses wrong permissions o stand/82654 standards C99 long double math functions are missing o stand/81287 standards [patch] fingerd(8) might send a line not ending in CRL a stand/80293 standards sysconf() does not support well-defined unistd values o stand/79056 standards [feature request] [atch] regex(3) regression tests o stand/70813 standards [patch] ls(1) not Posix compliant o stand/66357 standards make POSIX conformance problem ('sh -e' & '+' command- s kern/64875 standards [libc] [patch] [request] add a system call: fdatasync( o stand/56476 standards [patch] cd9660 unicode support simple hack o stand/54410 standards one-true-awk not POSIX compliant (no extended REs) o stand/46119 standards Priority problems for SCHED_OTHER using pthreads o stand/44365 standards [headers] [patch] [request] introduce ulong and unchar a stand/41576 standards ln(1): replacing old dir-symlinks a docs/26003 standards getgroups(2) lists NGROUPS_MAX but not syslimits.h s stand/24590 standards timezone function not compatible witn Single Unix Spec o stand/21519 standards sys/dir.h should be deprecated some more s bin/14925 standards getsubopt isn't poisonous enough 37 problems total. From owner-freebsd-standards@FreeBSD.ORG Tue Nov 6 14:30:01 2012 Return-Path: Delivered-To: freebsd-standards@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0A24567D for ; Tue, 6 Nov 2012 14:30:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id D20278FC15 for ; Tue, 6 Nov 2012 14:30:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qA6EU0aA022786 for ; Tue, 6 Nov 2012 14:30:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qA6EU0ga022785; Tue, 6 Nov 2012 14:30:00 GMT (envelope-from gnats) Resent-Date: Tue, 6 Nov 2012 14:30:00 GMT Resent-Message-Id: <201211061430.qA6EU0ga022785@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-standards@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Fabian Keil Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B9BB33B9 for ; Tue, 6 Nov 2012 14:20:53 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 9602E8FC14 for ; Tue, 6 Nov 2012 14:20:53 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.5/8.14.5) with ESMTP id qA6EKrSW021553 for ; Tue, 6 Nov 2012 14:20:53 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.5/8.14.5/Submit) id qA6EKrYx021552; Tue, 6 Nov 2012 14:20:53 GMT (envelope-from nobody) Message-Id: <201211061420.qA6EKrYx021552@red.freebsd.org> Date: Tue, 6 Nov 2012 14:20:53 GMT From: Fabian Keil To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: standards/173421: [patch] strptime() accepts formats that should be rejected X-BeenThere: freebsd-standards@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Standards compliance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2012 14:30:01 -0000 >Number: 173421 >Category: standards >Synopsis: [patch] strptime() accepts formats that should be rejected >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-standards >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Nov 06 14:30:00 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Fabian Keil >Release: HEAD >Organization: >Environment: FreeBSD r500.local 10.0-CURRENT FreeBSD 10.0-CURRENT #507 r+e8d2611: Mon Nov 5 13:00:26 CET 2012 fk@r500.local:/usr/obj/usr/src/sys/ZOEY amd64 >Description: If two digits are followed by a space in buf, %H lets strptime() parse the two digits as hours which is correct, but then move the format pointer to the end, thus ignoring the rest of buf and reporting a successful parse operation without looking at any additional format specifiers. This lets the format "%a, %d-%b-%y %H:%M:%S" "match" "Thursday, 18-Oct-2012 00:11:22", even though the parsing should fail after %H matched the 12 (because %y only matches the 20). The resulting time is obviously incorrect. This affects applications that deal with multiple date variations by testing several different formats until finding one that is accepted by strptime(), for example applications that parse dates in HTTP headers. I noticed the problem while working on Privoxy. I only confirmed this problem with the %H specifier, but from the code it looks like other format specifiers are affected as well. Applications can work around the problem by checking "%a, %d-%b-%Y %H:%M:%S" before "%a, %d-%b-%y %H:%M:%S", but this triggers bugs in other strptime() implementations. The attached patch solves the problem by completely removing the code that causes the format pointer skipping. This may be incorrect, but I couldn't think of a scenario where the code is useful, only of scenarios where it doesn't hurt. My test case is also handled correctly if the second while() condition in the removed code is reversed, which might look reasonable on a first glance, but breaks if %H is followed by a space and an additional format specifier, in which case the %H case would move the format pointer to the beginning of the next format specifier, which would then reject the space in the buf. The second patch additionally removes the questionable code for a couple of other format specifiers, but at least for my use case the code didn't cause any problems as the skip condition is always false. Again I couldn't think of a scenario where it's useful, though. >How-To-Repeat: The output of the test case (which I'll submit per mail to keep the formatting) should be: Supposedly matching format: %a, %d-%b-%Y %H:%M:%S Thursday, 18-Oct-2012 00:11:22 GMT -> Thursday, 18-Oct-2012 00:11:22 GMT ok Without the patch it's: Supposedly matching format: %a, %d-%b-%y %H:%M:%S Thursday, 18-Oct-2012 00:11:22 GMT -> Sunday, 18-Oct-2020 12:00:00 GMT fail >Fix: Apply the attached patch after confirming that the removed code indeed does nothing useful. Patch attached with submission follows: >From 6c81c0d84f333075569e84ef9008760bd4689e19 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Thu, 18 Oct 2012 18:23:00 +0200 Subject: [PATCH 1/2] Fix hour parsing with %H (or break it differently?) If two digits were followed by a space in buf, %H would parse the two digits and move the format pointer to the end, thus reporting a completely successful parse operation without looking at any additional format specifiers. This would let the format "%a, %d-%b-%y %H:%M:%S" match "Thursday, 18-Oct-2012 00:11:22", even though the parsing should fail after %H matched the 12 (because %y only matches the 20). --- lib/libc/stdtime/strptime.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/libc/stdtime/strptime.c b/lib/libc/stdtime/strptime.c index a4ea3fd..3117d3b 100644 --- a/lib/libc/stdtime/strptime.c +++ b/lib/libc/stdtime/strptime.c @@ -285,11 +285,6 @@ label: tm->tm_hour = i; - if (*buf != 0 && - isspace_l((unsigned char)*buf, locale)) - while (*ptr != 0 && - !isspace_l((unsigned char)*ptr, locale)) - ptr++; break; case 'p': -- 1.7.12.4 >From 7b008a9c6555976d5531b45bc72999c27be7e33e Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Oct 2012 11:45:02 +0200 Subject: [PATCH 2/2] strptime: Apply the previous fix to the rest of the format specifiers Not thoroughly tested. --- lib/libc/stdtime/strptime.c | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/lib/libc/stdtime/strptime.c b/lib/libc/stdtime/strptime.c index 3117d3b..7a03c96 100644 --- a/lib/libc/stdtime/strptime.c +++ b/lib/libc/stdtime/strptime.c @@ -248,11 +248,6 @@ label: tm->tm_sec = i; } - if (*buf != 0 && - isspace_l((unsigned char)*buf, locale)) - while (*ptr != 0 && - !isspace_l((unsigned char)*ptr, locale)) - ptr++; break; case 'H': @@ -354,11 +349,6 @@ label: if (i > 53) return 0; - if (*buf != 0 && - isspace_l((unsigned char)*buf, locale)) - while (*ptr != 0 && - !isspace_l((unsigned char)*ptr, locale)) - ptr++; break; case 'w': @@ -371,11 +361,6 @@ label: tm->tm_wday = i; - if (*buf != 0 && - isspace_l((unsigned char)*buf, locale)) - while (*ptr != 0 && - !isspace_l((unsigned char)*ptr, locale)) - ptr++; break; case 'd': @@ -403,11 +388,6 @@ label: tm->tm_mday = i; - if (*buf != 0 && - isspace_l((unsigned char)*buf, locale)) - while (*ptr != 0 && - !isspace_l((unsigned char)*ptr, locale)) - ptr++; break; case 'B': @@ -464,11 +444,6 @@ label: tm->tm_mon = i - 1; - if (*buf != 0 && - isspace_l((unsigned char)*buf, locale)) - while (*ptr != 0 && - !isspace_l((unsigned char)*ptr, locale)) - ptr++; break; case 's': @@ -517,11 +492,6 @@ label: tm->tm_year = i; - if (*buf != 0 && - isspace_l((unsigned char)*buf, locale)) - while (*ptr != 0 && - !isspace_l((unsigned char)*ptr, locale)) - ptr++; break; case 'Z': -- 1.7.12.4 >Release-Note: >Audit-Trail: >Unformatted: From owner-freebsd-standards@FreeBSD.ORG Tue Nov 6 14:40:01 2012 Return-Path: Delivered-To: freebsd-standards@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6E3FC8B3 for ; Tue, 6 Nov 2012 14:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 497248FC0A for ; Tue, 6 Nov 2012 14:40:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qA6Ee1qC023156 for ; Tue, 6 Nov 2012 14:40:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qA6Ee1qx023155; Tue, 6 Nov 2012 14:40:01 GMT (envelope-from gnats) Date: Tue, 6 Nov 2012 14:40:01 GMT Message-Id: <201211061440.qA6Ee1qx023155@freefall.freebsd.org> To: freebsd-standards@FreeBSD.org Cc: From: Fabian Keil Subject: Re: standards/173421: [patch] strptime() accepts formats that should be rejected X-BeenThere: freebsd-standards@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Fabian Keil List-Id: Standards compliance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2012 14:40:01 -0000 The following reply was made to PR standards/173421; it has been noted by GNATS. From: Fabian Keil To: bug-followup@FreeBSD.org Cc: Subject: Re: standards/173421: [patch] strptime() accepts formats that should be rejected Date: Tue, 6 Nov 2012 15:34:23 +0100 --Sig_/YeAUBADYETtZpEjfu+USQD0 Content-Type: multipart/mixed; boundary="MP_/6tB4BFU4RoWvX7WFBL_6Nfa" --MP_/6tB4BFU4RoWvX7WFBL_6Nfa Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Attached is the test case. Usage: make strptime-test ./strptime-test Fabian --MP_/6tB4BFU4RoWvX7WFBL_6Nfa Content-Type: text/x-csrc Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=strptime-test.c #include #include #include #include #include /** Calculates the number of elements in an array */ #define SZ(X) (sizeof(X) / sizeof(*X)) /* Copied from Privoxy and somewhat modified */ static int parse_header_time(const char *header_time, time_t *result) { struct tm gmt; /* * Checking for two-digit years first in an * attempt to work around GNU libc's strptime() * reporting negative year values when using %Y. */ static const char time_formats[][22] =3D { /* Tue, 02-Jun-37 20:00:00 */ "%a, %d-%b-%y %H:%M:%S", /* Tue, 02 Jun 2037 20:00:00 */ "%a, %d %b %Y %H:%M:%S", /* Tue, 02-Jun-2037 20:00:00 */ "%a, %d-%b-%Y %H:%M:%S", /* Tuesday, 02-Jun-2037 20:00:00 */ "%A, %d-%b-%Y %H:%M:%S", /* Tuesday Jun 02 20:00:00 2037 */ "%A %b %d %H:%M:%S %Y" }; unsigned int i; for (i =3D 0; i < SZ(time_formats); i++) { memset(&gmt, 0, sizeof(gmt)); if (NULL !=3D strptime(header_time, time_formats[i], &gmt)) { /* Sanity check for GNU libc. */ if (gmt.tm_year < 0) { printf("Failed to parse '%s' using '%s'. Moving on.\n", header_time, time_formats[i]); continue; } printf("Supposedly matching format: %s\n", time_formats[i]); *result =3D timegm(&gmt); return 0; } } return 1; } int main (void) { char buf[100]; static const char date[] =3D "Thursday, 18-Oct-2012 00:11:22 GMT"; struct tm *tm; time_t epoch; int failure; memset(&epoch, '\0', sizeof(epoch)); if (parse_header_time(date, &epoch)) { printf("No matching format string for: %s!\n", date); return 1; } tm =3D gmtime(&epoch); failure =3D (tm->tm_year + 1900 !=3D 2012); strftime(buf, sizeof(buf), "%A, %d-%b-%Y %H:%M:%S GMT", tm); printf("%s -> %s\n%s\n", date, buf, failure ? "fail" : "ok"); return failure; } --MP_/6tB4BFU4RoWvX7WFBL_6Nfa-- --Sig_/YeAUBADYETtZpEjfu+USQD0 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlCZH/MACgkQSMVSH78upWP9ogCdFe/4zpYQdkSuF0xI9peLyBPi y/AAnRfgjWbTrzrMf2SytoOpISvRBnmx =Uxsl -----END PGP SIGNATURE----- --Sig_/YeAUBADYETtZpEjfu+USQD0--