1 | From 88412772d295ebf7dd34409534507dc9bcac726e Mon Sep 17 00:00:00 2001 |
2 | From: Stanislav Malyshev <stas@php.net> | |
3 | Date: Sun, 28 Sep 2014 17:33:44 -0700 | |
4 | Subject: [PATCH] Fix bug #68027 - fix date parsing in XMLRPC lib | |
5 | ||
6 | --- | |
7 | NEWS | 5 ++++- | |
8 | ext/xmlrpc/libxmlrpc/xmlrpc.c | 13 ++++++++----- | |
9 | ext/xmlrpc/tests/bug68027.phpt | 44 ++++++++++++++++++++++++++++++++++++++++++ | |
10 | 3 files changed, 56 insertions(+), 6 deletions(-) | |
11 | create mode 100644 ext/xmlrpc/tests/bug68027.phpt | |
12 | ||
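diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c
index ce70c2a..b766a54 100644
--- a/ext/xmlrpc/libxmlrpc/xmlrpc.c
+++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c
@@ -219,16 +219,19 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
 n = 10;
 tm.tm_mon = 0;
 for(i = 0; i < 2; i++) {
- XMLRPC_IS_NUMBER(text[i])
+ XMLRPC_IS_NUMBER(text[i+4])
 tm.tm_mon += (text[i+4]-'0')*n;
 n /= 10;
 }
 tm.tm_mon --;
+ if(tm.tm_mon < 0 || tm.tm_mon > 11) {
+ return -1;
+ }
 
 n = 10;
 tm.tm_mday = 0;
 for(i = 0; i < 2; i++) {
- XMLRPC_IS_NUMBER(text[i])
+ XMLRPC_IS_NUMBER(text[i+6])
 tm.tm_mday += (text[i+6]-'0')*n;
 n /= 10;
 }
@@ -236,7 +239,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
 n = 10;
 tm.tm_hour = 0;
 for(i = 0; i < 2; i++) {
- XMLRPC_IS_NUMBER(text[i])
+ XMLRPC_IS_NUMBER(text[i+9])
 tm.tm_hour += (text[i+9]-'0')*n;
 n /= 10;
 }
@@ -244,7 +247,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
 n = 10;
 tm.tm_min = 0;
 for(i = 0; i < 2; i++) {
- XMLRPC_IS_NUMBER(text[i])
+ XMLRPC_IS_NUMBER(text[i+12])
 tm.tm_min += (text[i+12]-'0')*n;
 n /= 10;
 }
@@ -252,7 +255,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
 n = 10;
 tm.tm_sec = 0;
 for(i = 0; i < 2; i++) {
- XMLRPC_IS_NUMBER(text[i])
+ XMLRPC_IS_NUMBER(text[i+15])
 tm.tm_sec += (text[i+15]-'0')*n;
 n /= 10;
 }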
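Review bot: The corrected digit checks cover offsets 4-7, 9-10, 12-13 and 15-16, but nothing in these hunks inspects the separator bytes at `text[8]`, `text[11]` and `text[14]`, so a value that ends right after the day digits would still have `text[9]` read past its terminator. Each separator can be tested safely once the digits before it have passed, assuming the layout is YYYYMMDDThh:mm:ss as the offsets suggest: `if (text[8] != 'T') return -1;` before the hour loop, `if (text[11] != ':') return -1;` before the minute loop, and `if (text[14] != ':') return -1;` before the second loop. If other separator characters must stay accepted, rejecting only `'\0'` at those three offsets is enough to close the over-read. The new range check covers `tm.tm_mon` only; `tm.tm_mday`, `tm.tm_hour`, `tm.tm_min` and `tm.tm_sec` can each reach 99 here, and any bound on them would have to be outside these hunks. date_from_ISO8601 starts and ends outside the hunks, so an earlier length check may already exist and should be confirmed.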
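diff --git a/ext/xmlrpc/tests/bug68027.phpt b/ext/xmlrpc/tests/bug68027.phpt
new file mode 100644
index 0000000..a5c96f1
--- /dev/null
+++ b/ext/xmlrpc/tests/bug68027.phpt
@@ -0,0 +1,44 @@
+--TEST--
+Bug #68027 (buffer overflow in mkgmtime() function)
+--SKIPIF--
+<?php
+if (!extension_loaded("xmlrpc")) print "skip";
+?>
+--FILE--
+<?php
+
+$d = '6-01-01 20:00:00';
+xmlrpc_set_type($d, 'datetime');
+var_dump($d);
+$datetime = "2001-0-08T21:46:40-0400";
+$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
+print_r($obj);
+
+$datetime = "34770-0-08T21:46:40-0400";
+$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
+print_r($obj);
+
+echo "Done\n";
+?>
+--EXPECTF--
+object(stdClass)#1 (3) {
+ ["scalar"]=>
+ string(16) "6-01-01 20:00:00"
+ ["xmlrpc_type"]=>
+ string(8) "datetime"
+ ["timestamp"]=>
+ int(%d)
+}
+stdClass Object
+(
+ [scalar] => 2001-0-08T21:46:40-0400
+ [xmlrpc_type] => datetime
+ [timestamp] => %s
+)
+stdClass Object
+(
+ [scalar] => 34770-0-08T21:46:40-0400
+ [xmlrpc_type] => datetime
+ [timestamp] => %d
+)
+Done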
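Review bot: None of the three inputs in this test appears to carry a month above 12, so the new `tm.tm_mon > 11` branch in date_from_ISO8601 looks unexercised; only the lower bound (month 0) or the digit check is reached. A further case with an out-of-range month, for example the constructed value `$datetime = "20011308T21:46:40";`, would cover it. The `%d` and `%s` placeholders on the `timestamp` lines also accept any value, so the test shows the calls complete but not what a rejected date decodes to; pinning the expected value for the rejected inputs would make a regression visible.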
116 | -- | |
117 | 2.1.0 | |
118 |