From cd62aea0ac691a5c4bba8ef03e62ee72702391ee Mon Sep 17 00:00:00 2001 From: chrysn Date: Fri, 13 Jan 2023 11:40:11 +0100 Subject: [PATCH] shell/rtc: Fix out of bounds access; document error behavior --- sys/shell/cmds/rtc.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/sys/shell/cmds/rtc.c b/sys/shell/cmds/rtc.c index 82b857b7a1..eca0bbc4bf 100644 --- a/sys/shell/cmds/rtc.c +++ b/sys/shell/cmds/rtc.c @@ -25,6 +25,7 @@ #include #include +#include "container.h" #include "periph/rtc.h" #include "shell.h" @@ -39,10 +40,24 @@ static int dow(int year, int month, int day) { /* calculate the day of week using Tøndering's algorithm */ static int t[] = {0, 3, 2, 5, 0, 3, 5, 1, 4, 6, 2, 4}; + if (month < 1 || month > (int) ARRAY_SIZE(t)) { + /* This will be a wrong answer, but error handling is not this + * function's task (whereas memory safety is). */ + return 7; + } year -= month < 3; return (year + year/4 - year/100 + year/400 + t[month-1] + day) % 7; } +/** Read a ["YYYY-MM-DD", "hh:mm:ss"] formatted value from a string array. + * + * This performs no validation on the entered time -- that'd be trivial on some + * fields (month), but excessive on others (day of month -- we don't do leap + * year calculation otherwise) and need information we don't have (leap + * seconds) on yet others. + * + * Invalid inputs merely lead to out-of-range values inside the time struct. + */ static int _parse_time(char **argv, struct tm *time) { short i;