php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #68027
Patch fix-date-parsing revision 2014-09-29 23:52 UTC by stas@php.net
revision 2014-09-29 00:34 UTC by stas@php.net

Patch fix-date-parsing for *General Issues Bug #68027

Patch version 2014-09-29 23:52 UTC

Return to Bug #68027 | Download this patch
This patch renders other patches obsolete

Obsolete patches:

Patch Revisions: 2014-09-29 23:52 UTC | 2014-09-29 00:34 UTC

Developer: stas@php.net


 commit ac82294f535aa03005f1de998d628b390741560f
 commit a89b63446246e6718e17c139566a4535f18be3c2
  Author: Stanislav Malyshev <stas@php.net>
  Date:   Sun Sep 28 17:33:44 2014 -0700
  
      Fix bug #68027 - fix date parsing in XMLRPC lib
  
  diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c
 index ce70c2a..4c84414 100644
 index ce70c2a..b766a54 100644
  --- a/ext/xmlrpc/libxmlrpc/xmlrpc.c
  +++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c
  @@ -219,16 +219,19 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
      n = 10;


         tm.tm_mon += (text[i+4]-'0')*n;
         n /= 10;
      }
      tm.tm_mon --;
 +   if(tm.tm_mon > 11) {
 +   if(tm.tm_mon < 0 || tm.tm_mon > 11) {
  +       return -1;
  +   }
   
      n = 10;


         n /= 10;
      }
  diff --git a/ext/xmlrpc/tests/bug68027.phpt b/ext/xmlrpc/tests/bug68027.phpt
  new file mode 100644
 index 0000000..d1f1fdc
 index 0000000..a5c96f1
  --- /dev/null
  +++ b/ext/xmlrpc/tests/bug68027.phpt
 @@ -0,0 +1,34 @@
 @@ -0,0 +1,44 @@
  +--TEST--
  +Bug #68027 (buffer overflow in mkgmtime() function)
  +--SKIPIF--
  +<?php


  +$d = '6-01-01 20:00:00';
  +xmlrpc_set_type($d, 'datetime');
  +var_dump($d);
  +$datetime = "2001-0-08T21:46:40-0400";
 +$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
 +print_r($obj);
 +
 +$datetime = "34770-0-08T21:46:40-0400";
  +$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
  +print_r($obj);
  +
  +echo "Done\n";


  +  int(%d)
  +}
  +stdClass Object
  +(
 +    [scalar] => 2001-0-08T21:46:40-0400
 +    [scalar] => 2001-0-08T21:46:40-0400
 +    [xmlrpc_type] => datetime
 +    [timestamp] => %s
 +)
 +stdClass Object
 +(
 +    [scalar] => 34770-0-08T21:46:40-0400
  +    [xmlrpc_type] => datetime
 +    [timestamp] => %s
 +    [timestamp] => %d
  +)
  +Done
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Aug 12 07:01:25 2020 UTC