From 96a80b5a262fb6dd2ddcea7987296f3b9a405618 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 4 Oct 2016 16:59:38 +0200
Subject: parsedate: handle cut off numbers better
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

... and don't read outside of the given buffer!

CVE-2016-8621

bug: https://curl.haxx.se/docs/adv_20161102G.html
Reported-by: Luật Nguyễn
---
 tests/libtest/lib517.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'tests/libtest')

diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
index 2f68ebd24..22162ff1e 100644
--- a/tests/libtest/lib517.c
+++ b/tests/libtest/lib517.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -116,6 +116,12 @@ static const char * const dates[]={
   "20111323 12:34:56",
   "20110623 12:34:79",
   "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */
+  "20110623 12:3",
+  "20110623 1:3",
+  "20110623 1:30",
+  "20110623 12:12:3",
+  "20110623 01:12:3",
+  "20110623 01:99:30",
   NULL
 };
 
-- 
cgit v1.2.3