|
 |
af9dc8 |
From 88412772d295ebf7dd34409534507dc9bcac726e Mon Sep 17 00:00:00 2001
|
|
|
af9dc8 |
From: Stanislav Malyshev <stas@php.net>
|
|
|
af9dc8 |
Date: Sun, 28 Sep 2014 17:33:44 -0700
|
|
|
af9dc8 |
Subject: [PATCH] Fix bug #68027 - fix date parsing in XMLRPC lib
|
|
|
af9dc8 |
|
|
|
af9dc8 |
---
|
|
|
af9dc8 |
NEWS | 5 ++++-
|
|
|
af9dc8 |
ext/xmlrpc/libxmlrpc/xmlrpc.c | 13 ++++++++-----
|
|
|
af9dc8 |
ext/xmlrpc/tests/bug68027.phpt | 44 ++++++++++++++++++++++++++++++++++++++++++
|
|
|
af9dc8 |
3 files changed, 56 insertions(+), 6 deletions(-)
|
|
|
af9dc8 |
create mode 100644 ext/xmlrpc/tests/bug68027.phpt
|
|
|
af9dc8 |
|
|
|
af9dc8 |
diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c
|
|
|
af9dc8 |
index ce70c2a..b766a54 100644
|
|
|
af9dc8 |
--- a/ext/xmlrpc/libxmlrpc/xmlrpc.c
|
|
|
af9dc8 |
+++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c
|
|
|
af9dc8 |
@@ -219,16 +219,19 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
|
|
af9dc8 |
n = 10;
|
|
|
af9dc8 |
tm.tm_mon = 0;
|
|
|
af9dc8 |
for(i = 0; i < 2; i++) {
|
|
|
af9dc8 |
- XMLRPC_IS_NUMBER(text[i])
|
|
|
af9dc8 |
+ XMLRPC_IS_NUMBER(text[i+4])
|
|
|
af9dc8 |
tm.tm_mon += (text[i+4]-'0')*n;
|
|
|
af9dc8 |
n /= 10;
|
|
|
af9dc8 |
}
|
|
|
af9dc8 |
tm.tm_mon --;
|
|
|
af9dc8 |
+ if(tm.tm_mon < 0 || tm.tm_mon > 11) {
|
|
|
af9dc8 |
+ return -1;
|
|
|
af9dc8 |
+ }
|
|
|
af9dc8 |
|
|
|
af9dc8 |
n = 10;
|
|
|
af9dc8 |
tm.tm_mday = 0;
|
|
|
af9dc8 |
for(i = 0; i < 2; i++) {
|
|
|
af9dc8 |
- XMLRPC_IS_NUMBER(text[i])
|
|
|
af9dc8 |
+ XMLRPC_IS_NUMBER(text[i+6])
|
|
|
af9dc8 |
tm.tm_mday += (text[i+6]-'0')*n;
|
|
|
af9dc8 |
n /= 10;
|
|
|
af9dc8 |
}
|
|
|
af9dc8 |
@@ -236,7 +239,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
|
|
af9dc8 |
n = 10;
|
|
|
af9dc8 |
tm.tm_hour = 0;
|
|
|
af9dc8 |
for(i = 0; i < 2; i++) {
|
|
|
af9dc8 |
- XMLRPC_IS_NUMBER(text[i])
|
|
|
af9dc8 |
+ XMLRPC_IS_NUMBER(text[i+9])
|
|
|
af9dc8 |
tm.tm_hour += (text[i+9]-'0')*n;
|
|
|
af9dc8 |
n /= 10;
|
|
|
af9dc8 |
}
|
|
|
af9dc8 |
@@ -244,7 +247,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
|
|
af9dc8 |
n = 10;
|
|
|
af9dc8 |
tm.tm_min = 0;
|
|
|
af9dc8 |
for(i = 0; i < 2; i++) {
|
|
|
af9dc8 |
- XMLRPC_IS_NUMBER(text[i])
|
|
|
af9dc8 |
+ XMLRPC_IS_NUMBER(text[i+12])
|
|
|
af9dc8 |
tm.tm_min += (text[i+12]-'0')*n;
|
|
|
af9dc8 |
n /= 10;
|
|
|
af9dc8 |
}
|
|
|
af9dc8 |
@@ -252,7 +255,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
|
|
af9dc8 |
n = 10;
|
|
|
af9dc8 |
tm.tm_sec = 0;
|
|
|
af9dc8 |
for(i = 0; i < 2; i++) {
|
|
|
af9dc8 |
- XMLRPC_IS_NUMBER(text[i])
|
|
|
af9dc8 |
+ XMLRPC_IS_NUMBER(text[i+15])
|
|
|
af9dc8 |
tm.tm_sec += (text[i+15]-'0')*n;
|
|
|
af9dc8 |
n /= 10;
|
|
|
af9dc8 |
}
|
|
|
af9dc8 |
diff --git a/ext/xmlrpc/tests/bug68027.phpt b/ext/xmlrpc/tests/bug68027.phpt
|
|
|
af9dc8 |
new file mode 100644
|
|
|
af9dc8 |
index 0000000..a5c96f1
|
|
|
af9dc8 |
--- /dev/null
|
|
|
af9dc8 |
+++ b/ext/xmlrpc/tests/bug68027.phpt
|
|
|
af9dc8 |
@@ -0,0 +1,44 @@
|
|
|
af9dc8 |
+--TEST--
|
|
|
af9dc8 |
+Bug #68027 (buffer overflow in mkgmtime() function)
|
|
|
af9dc8 |
+--SKIPIF--
|
|
|
af9dc8 |
+
|
|
|
af9dc8 |
+if (!extension_loaded("xmlrpc")) print "skip";
|
|
|
af9dc8 |
+?>
|
|
|
af9dc8 |
+--FILE--
|
|
|
af9dc8 |
+
|
|
|
af9dc8 |
+
|
|
|
af9dc8 |
+$d = '6-01-01 20:00:00';
|
|
|
af9dc8 |
+xmlrpc_set_type($d, 'datetime');
|
|
|
af9dc8 |
+var_dump($d);
|
|
|
af9dc8 |
+$datetime = "2001-0-08T21:46:40-0400";
|
|
|
af9dc8 |
+$obj = xmlrpc_decode("<methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
|
|
|
af9dc8 |
+print_r($obj);
|
|
|
af9dc8 |
+
|
|
|
af9dc8 |
+$datetime = "34770-0-08T21:46:40-0400";
|
|
|
af9dc8 |
+$obj = xmlrpc_decode("<methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
|
|
|
af9dc8 |
+print_r($obj);
|
|
|
af9dc8 |
+
|
|
|
af9dc8 |
+echo "Done\n";
|
|
|
af9dc8 |
+?>
|
|
|
af9dc8 |
+--EXPECTF--
|
|
|
af9dc8 |
+object(stdClass)#1 (3) {
|
|
|
af9dc8 |
+ ["scalar"]=>
|
|
|
af9dc8 |
+ string(16) "6-01-01 20:00:00"
|
|
|
af9dc8 |
+ ["xmlrpc_type"]=>
|
|
|
af9dc8 |
+ string(8) "datetime"
|
|
|
af9dc8 |
+ ["timestamp"]=>
|
|
|
af9dc8 |
+ int(%d)
|
|
|
af9dc8 |
+}
|
|
|
af9dc8 |
+stdClass Object
|
|
|
af9dc8 |
+(
|
|
|
af9dc8 |
+ [scalar] => 2001-0-08T21:46:40-0400
|
|
|
af9dc8 |
+ [xmlrpc_type] => datetime
|
|
|
af9dc8 |
+ [timestamp] => %s
|
|
|
af9dc8 |
+)
|
|
|
af9dc8 |
+stdClass Object
|
|
|
af9dc8 |
+(
|
|
|
af9dc8 |
+ [scalar] => 34770-0-08T21:46:40-0400
|
|
|
af9dc8 |
+ [xmlrpc_type] => datetime
|
|
|
af9dc8 |
+ [timestamp] => %d
|
|
|
af9dc8 |
+)
|
|
|
af9dc8 |
+Done
|
|
|
af9dc8 |
--
|
|
|
af9dc8 |
2.1.0
|
|
|
af9dc8 |
|