From 96a80b5a262fb6dd2ddcea7987296f3b9a405618 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 4 Oct 2016 16:59:38 +0200
Subject: parsedate: handle cut off numbers better
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

... and don't read outside of the given buffer!

CVE-2016-8621

bug: https://curl.haxx.se/docs/adv_20161102G.html
Reported-by: Luật Nguyễn
---
 tests/data/test517 | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'tests/data/test517')

diff --git a/tests/data/test517 b/tests/data/test517
index c81a45e0a..513634f15 100644
--- a/tests/data/test517
+++ b/tests/data/test517
@@ -116,6 +116,12 @@ nothing
 81: 20111323 12:34:56 => -1
 82: 20110623 12:34:79 => -1
 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000
+84: 20110623 12:3 => 1308830580
+85: 20110623 1:3 => 1308790980
+86: 20110623 1:30 => 1308792600
+87: 20110623 12:12:3 => 1308831123
+88: 20110623 01:12:3 => 1308791523
+89: 20110623 01:99:30 => -1
 </stdout>
 
 # This test case previously tested an overflow case ("2094 Nov 6 =>
-- 
cgit v1.2.3