1 From 88412772d295ebf7dd34409534507dc9bcac726e Mon Sep 17 00:00:00 2001
2 From: Stanislav Malyshev <stas@php.net>
3 Date: Sun, 28 Sep 2014 17:33:44 -0700
4 Subject: [PATCH] Fix bug #68027 - fix date parsing in XMLRPC lib
8 ext/xmlrpc/libxmlrpc/xmlrpc.c | 13 ++++++++-----
9 ext/xmlrpc/tests/bug68027.phpt | 44 ++++++++++++++++++++++++++++++++++++++++++
10 3 files changed, 56 insertions(+), 6 deletions(-)
11 create mode 100644 ext/xmlrpc/tests/bug68027.phpt
13 diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c
14 index ce70c2a..b766a54 100644
15 --- a/ext/xmlrpc/libxmlrpc/xmlrpc.c
16 +++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c
17 @@ -219,16 +219,19 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
20 for(i = 0; i < 2; i++) {
21 - XMLRPC_IS_NUMBER(text[i])
22 + XMLRPC_IS_NUMBER(text[i+4])
23 tm.tm_mon += (text[i+4]-'0')*n;
27 + if(tm.tm_mon < 0 || tm.tm_mon > 11) {
33 for(i = 0; i < 2; i++) {
34 - XMLRPC_IS_NUMBER(text[i])
35 + XMLRPC_IS_NUMBER(text[i+6])
36 tm.tm_mday += (text[i+6]-'0')*n;
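Review bot: Only `tm.tm_mon` gets a range check in the lines shown; the day loop in this hunk and the hour, minute and second loops in the three following hunks (offsets 9, 12 and 15) accept any two digits, so a day of 00 or an hour of 99 still ends up in `tm`. If the code that consumes `tm` assumes normalised fields, add a guard after each loop that rejects the value the same way the month check does, for example `if(tm.tm_mday < 1 || tm.tm_mday > 31) {` and `if(tm.tm_hour > 23) {`. This page shows only part of each hunk, so such checks may already exist on lines not visible here. The body of `date_from_ISO8601` also starts and ends outside these hunks.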
39 @@ -236,7 +239,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
42 for(i = 0; i < 2; i++) {
43 - XMLRPC_IS_NUMBER(text[i])
44 + XMLRPC_IS_NUMBER(text[i+9])
45 tm.tm_hour += (text[i+9]-'0')*n;
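Review bot: Each loop still names its index twice, once in `XMLRPC_IS_NUMBER(text[i+9])` and once in `(text[i+9]-'0')`, and the removed lines show that a mismatch between the two is exactly what this patch repairs. Reading the character once keeps the check and the arithmetic tied together: `const char c = text[i+9];` followed by `XMLRPC_IS_NUMBER(c)` and `tm.tm_hour += (c-'0')*n;`. The same applies to the month and day loops in the previous hunk and to the minute and second loops in the next two. The macro's definition is not on this page; because it is used without a trailing semicolon, it presumably expands to a full statement that leaves the function, which deserves a short comment at the first call site.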
48 @@ -244,7 +247,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
51 for(i = 0; i < 2; i++) {
52 - XMLRPC_IS_NUMBER(text[i])
53 + XMLRPC_IS_NUMBER(text[i+12])
54 tm.tm_min += (text[i+12]-'0')*n;
57 @@ -252,7 +255,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
60 for(i = 0; i < 2; i++) {
61 - XMLRPC_IS_NUMBER(text[i])
62 + XMLRPC_IS_NUMBER(text[i+15])
63 tm.tm_sec += (text[i+15]-'0')*n;
66 diff --git a/ext/xmlrpc/tests/bug68027.phpt b/ext/xmlrpc/tests/bug68027.phpt
68 index 0000000..a5c96f1
70 +++ b/ext/xmlrpc/tests/bug68027.phpt
73 +Bug #68027 (buffer overflow in mkgmtime() function)
76 +if (!extension_loaded("xmlrpc")) print "skip";
81 +$d = '6-01-01 20:00:00';
82 +xmlrpc_set_type($d, 'datetime');
84 +$datetime = "2001-0-08T21:46:40-0400";
85 +$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
88 +$datetime = "34770-0-08T21:46:40-0400";
89 +$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
95 +object(stdClass)#1 (3) {
97 + string(16) "6-01-01 20:00:00"
99 + string(8) "datetime"
105 + [scalar] => 2001-0-08T21:46:40-0400
106 + [xmlrpc_type] => datetime
111 + [scalar] => 34770-0-08T21:46:40-0400
112 + [xmlrpc_type] => datetime
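Review bot: Both visible `xmlrpc_decode` inputs carry a month field of `0`, so as far as this page shows, the regression test never exercises the `tm.tm_mon > 11` half of the new check. A third case with a month above 12, for example `$datetime = "2001-13-08T21:46:40-0400";` (a constructed value), would cover the upper bound. A case with a non-digit in the month position would also confirm that the corrected `XMLRPC_IS_NUMBER` offsets reject it. The expected-output lines are only partly visible here, so the added cases need matching entries there.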