From fc267567a072c9483bbcc5cc18e150244bc5376b Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 5 May 2021 14:55:47 +0000
Subject: [PATCH] printing: avoid crash in LPRng_time

If the string is too shhort we don't want to atoi() whatever is beyond
the end of it.

Found using Honggfuzz and the fuzz_parse_lpq_entry fuzzer.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  5 05:07:13 UTC 2021 on sn-devel-184
---
 source3/printing/lpq_parse.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c
index f016707c088..335bc7f4e75 100644
--- a/source3/printing/lpq_parse.c
+++ b/source3/printing/lpq_parse.c
@@ -223,10 +223,16 @@ static time_t LPRng_time(char *time_string)
 	}
 
 	if ( atoi(time_string) < 24 ){
+		if (strlen(time_string) < 7) {
+			return (time_t)-1;
+		}
 		t->tm_hour = atoi(time_string);
 		t->tm_min = atoi(time_string+3);
 		t->tm_sec = atoi(time_string+6);
 	} else {
+		if (strlen(time_string) < 18) {
+			return (time_t)-1;
+		}
 		t->tm_year = atoi(time_string)-1900;
 		t->tm_mon = atoi(time_string+5)-1;
 		t->tm_mday = atoi(time_string+8);