288773 – ssh needs to check if localtime_r() returns NULL

Bug 288773 - ssh needs to check if localtime_r() returns NULL

Summary: ssh needs to check if localtime_r() returns NULL

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	15.0-CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Ed Maste

URL:
Keywords:

Depends on:
Blocks:	290956
	Show dependency tree / graph

Reported:	2025-08-10 14:53 UTC by Wolfram Schneider
Modified:	2025-11-11 16:57 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfram Schneider freebsd_committer

2025-08-10 14:53:29 UTC

In src/crypto/openssh/misc.c there is a call to localtime_r(3), but the return value will be ignored. In case of an error, localtime_r returns NULL and the value of &tm is undefined. A line later the value of &tm will be passed to strftime(3) and it may segfault.

void
format_absolute_time(uint64_t t, char *buf, size_t len)
{
        time_t tt = t > SSH_TIME_T_MAX ? SSH_TIME_T_MAX : t;
        struct tm tm;

        localtime_r(&tt, &tm);
        strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm);
}

Comment 1 commit-hook freebsd_committer

2025-10-31 17:09:36 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ce03706ab26c5770150f1ef96aca36b69baa535f

commit ce03706ab26c5770150f1ef96aca36b69baa535f
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-10-31 17:04:51 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-10-31 17:08:45 +0000

    openssh: Handle localtime_r() failure by return "UNKNOWN-TIME"

    Apply openssh-portable commit 8b6c1f402feb by deraadt@openbsd.org

    Obtained from:  openssh-portable
    PR:             288773
    Reported by:    wosch
    Sponsored by:   The FreeBSD Foundation

 crypto/openssh/misc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comment 2 commit-hook freebsd_committer

2025-11-05 16:34:05 UTC

A commit in branch stable/15 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=0a45aa9e954acc75484d59ad42ee440aa7f034c7

commit 0a45aa9e954acc75484d59ad42ee440aa7f034c7
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-10-31 17:04:51 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-11-05 16:33:06 +0000

    openssh: Handle localtime_r() failure by return "UNKNOWN-TIME"

    Apply openssh-portable commit 8b6c1f402feb by deraadt@openbsd.org

    Obtained from:  openssh-portable
    PR:             288773
    Reported by:    wosch
    Sponsored by:   The FreeBSD Foundation

    (cherry picked from commit ce03706ab26c5770150f1ef96aca36b69baa535f)

 crypto/openssh/misc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comment 3 commit-hook freebsd_committer

2025-11-05 16:35:06 UTC

A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4fbf901a2925ec2598167c1c4f04e78c06960869

commit 4fbf901a2925ec2598167c1c4f04e78c06960869
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-10-31 17:04:51 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-11-05 16:34:06 +0000

    openssh: Handle localtime_r() failure by return "UNKNOWN-TIME"

    Apply openssh-portable commit 8b6c1f402feb by deraadt@openbsd.org

    Obtained from:  openssh-portable
    PR:             288773
    Reported by:    wosch
    Sponsored by:   The FreeBSD Foundation

    (cherry picked from commit ce03706ab26c5770150f1ef96aca36b69baa535f)
    (cherry picked from commit 0a45aa9e954acc75484d59ad42ee440aa7f034c7)

 crypto/openssh/misc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comment 4 commit-hook freebsd_committer

2025-11-10 19:01:10 UTC

A commit in branch releng/15.0 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=dd1ed088f090ded90a60a47b1eb5dfbacc1e158a

commit dd1ed088f090ded90a60a47b1eb5dfbacc1e158a
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-10-31 17:04:51 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-11-10 19:00:10 +0000

    openssh: Handle localtime_r() failure by return "UNKNOWN-TIME"

    Apply openssh-portable commit 8b6c1f402feb by deraadt@openbsd.org

    Approved by:    re (cperciva)
    Obtained from:  openssh-portable
    PR:             288773
    Reported by:    wosch
    Sponsored by:   The FreeBSD Foundation

    (cherry picked from commit ce03706ab26c5770150f1ef96aca36b69baa535f)
    (cherry picked from commit 0a45aa9e954acc75484d59ad42ee440aa7f034c7)

 crypto/openssh/misc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)