Importing invalid SKR file might overflow the stack buffer

If an invalid SKR file is imported, reading the time from the token
buffer might overflow the buffer on the local stack.  This has been
fixed by removing the intermediate buffer and parsing the lexer token
directly.

(cherry picked from commit 8ab4827a0c)

bin/dnssec/dnssec-ksr.c

@@ -1211,7 +1211,6 @@ sign(ksr_ctx_t *ksr) {
 		}
 
 		if (strcmp(STR(token), ";;") == 0) {
-			char bundle[KSR_LINESIZE];
 			isc_stdtime_t next_inception;
 
 			CHECK(isc_lex_gettoken(lex, opt, &token));
@@ -1245,9 +1244,8 @@ sign(ksr_ctx_t *ksr) {
 			}
 
 			/* Date and time of bundle */
-			sscanf(STR(token), "%s", bundle);
-			next_inception = strtotime(bundle, ksr->now, ksr->now,
-						   NULL);
+			next_inception = strtotime(STR(token), ksr->now,
+						   ksr->now, NULL);
 
 			if (have_bundle) {
 				/* Sign previous bundle */

lib/dns/skr.c

@@ -231,7 +231,6 @@ dns_skr_read(isc_mem_t *mctx, const char *filename, dns_name_t *origin,
 	     dns_rdataclass_t rdclass, dns_ttl_t dnskeyttl, dns_skr_t **skrp) {
 	isc_result_t result;
 	dns_skrbundle_t *bundle = NULL;
-	char bundlebuf[1024];
 	uint32_t bundle_id;
 	isc_lex_t *lex = NULL;
 	isc_lexspecials_t specials;
@@ -304,8 +303,7 @@ dns_skr_read(isc_mem_t *mctx, const char *filename, dns_name_t *origin,
 			}
 
 			/* Create new bundle */
-			sscanf(STR(token), "%s", bundlebuf);
-			CHECK(dns_time32_fromtext(bundlebuf, &bundle_id));
+			CHECK(dns_time32_fromtext(STR(token), &bundle_id));
 			bundle = NULL;
 			skrbundle_create(mctx, (isc_stdtime_t)bundle_id,
 					 &bundle);