From 96a80b5a262fb6dd2ddcea7987296f3b9a405618 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 4 Oct 2016 16:59:38 +0200 Subject: parsedate: handle cut off numbers better MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... and don't read outside of the given buffer! CVE-2016-8621 bug: https://curl.haxx.se/docs/adv_20161102G.html Reported-by: Luật Nguyễn --- tests/data/test517 | 6 ++++++ tests/libtest/lib517.c | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/data/test517 b/tests/data/test517 index c81a45e0a..513634f15 100644 --- a/tests/data/test517 +++ b/tests/data/test517 @@ -116,6 +116,12 @@ nothing 81: 20111323 12:34:56 => -1 82: 20110623 12:34:79 => -1 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000 +84: 20110623 12:3 => 1308830580 +85: 20110623 1:3 => 1308790980 +86: 20110623 1:30 => 1308792600 +87: 20110623 12:12:3 => 1308831123 +88: 20110623 01:12:3 => 1308791523 +89: 20110623 01:99:30 => -1 # This test case previously tested an overflow case ("2094 Nov 6 => diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c index 2f68ebd24..22162ff1e 100644 --- a/tests/libtest/lib517.c +++ b/tests/libtest/lib517.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -116,6 +116,12 @@ static const char * const dates[]={ "20111323 12:34:56", "20110623 12:34:79", "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */ + "20110623 12:3", + "20110623 1:3", + "20110623 1:30", + "20110623 12:12:3", + "20110623 01:12:3", + "20110623 01:99:30", NULL }; -- cgit v1.2.3
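Review bot: The six strings added to `dates[]` in tests/libtest/lib517.c carry no comment saying what they regress, unlike the `/* leap second */` entry just above them; I would add `/* cut-off hour/minute/second fields, CVE-2016-8621 */` before `"20110623 12:3"` and `/* minutes out of range */` after `"20110623 01:99:30"`. These cases only compare the returned value with the expected lines 84-89 in tests/data/test517, so a read past the terminating NUL of one of these literals would probably still pass unless the test runs under valgrind or a sanitizer build, and the comment should say that the memory checker is what catches the out-of-bounds read. The parser change itself is not shown on this page (the view is limited to 'tests'), so whether entries 84-88 cover every truncated form the fix handles cannot be confirmed from here. The `dates[]` initializer begins outside the hunk.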