PHP :: Bug #68027

Return to Bug #68027
Patch fix-date-parsing	revision 2014-09-29 23:52 UTC by stas@php.net revision 2014-09-29 00:34 UTC by stas@php.net

Patch fix-date-parsing for *General Issues Bug #68027

Patch version 2014-09-29 00:34 UTC

Return to Bug #68027 | Download this patch

This patch is obsolete

Obsoleted by patches:

fix-date-parsing, revision 2014-09-29 23:52 UTC

Patch Revisions: 2014-09-29 23:52 UTC | 2014-09-29 00:34 UTC

Developer: stas@php.net


 commit a89b63446246e6718e17c139566a4535f18be3c2
 commit ac82294f535aa03005f1de998d628b390741560f
  Author: Stanislav Malyshev <stas@php.net>
  Date:   Sun Sep 28 17:33:44 2014 -0700
  
      Fix bug #68027 - fix date parsing in XMLRPC lib
  
  diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c
 index ce70c2a..b766a54 100644
 index ce70c2a..4c84414 100644
  --- a/ext/xmlrpc/libxmlrpc/xmlrpc.c
  +++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c
  @@ -219,16 +219,19 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
      n = 10;


         tm.tm_mon += (text[i+4]-'0')*n;
         n /= 10;
      }
      tm.tm_mon --;
 +   if(tm.tm_mon < 0 || tm.tm_mon > 11) {
 +   if(tm.tm_mon > 11) {
  +       return -1;
  +   }
   
      n = 10;


         n /= 10;
      }
  diff --git a/ext/xmlrpc/tests/bug68027.phpt b/ext/xmlrpc/tests/bug68027.phpt
  new file mode 100644
 index 0000000..a5c96f1
 index 0000000..d1f1fdc
  --- /dev/null
  +++ b/ext/xmlrpc/tests/bug68027.phpt
 @@ -0,0 +1,44 @@
 @@ -0,0 +1,34 @@
  +--TEST--
  +Bug #68027 (buffer overflow in mkgmtime() function)
  +--SKIPIF--
  +<?php
Line 75 (now 75), was 12 lines, now 8 lines

  +$d = '6-01-01 20:00:00';
  +xmlrpc_set_type($d, 'datetime');
  +var_dump($d);
  +$datetime = "2001-0-08T21:46:40-0400";
 +$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
 +print_r($obj);
 +
 +$datetime = "34770-0-08T21:46:40-0400";
  +$obj = xmlrpc_decode("<?xml version=\"1.0\"?><methodResponse><params><param><value><dateTime.iso8601>$datetime</dateTime.iso8601></value></param></params></methodResponse>");
  +print_r($obj);
  +
  +echo "Done\n";
Line 95 (now 91), was 15 lines, now 9 lines

  +  int(%d)
  +}
  +stdClass Object
  +(
 +    [scalar] => 2001-0-08T21:46:40-0400
 +    [xmlrpc_type] => datetime
 +    [timestamp] => %s
 +)
 +stdClass Object
 +(
 +    [scalar] => 34770-0-08T21:46:40-0400
 +    [scalar] => 2001-0-08T21:46:40-0400
  +    [xmlrpc_type] => datetime
 +    [timestamp] => %d
 +    [timestamp] => %s
  +)
  +Done

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 16:01:28 2024 UTC