Hi all,
As part of https://issues.apache.org/bugzilla/show_bug.cgi?id=16521,
we currently accept dates that are trailed by extra characters without
complaining. The following patch marks such dates as APR_DATE_BAD.
Does this patch make sense?
Index: util-misc/apr_date.c
===================================================================
--- util-misc/apr_date.c (revision 1070137)
+++ util-misc/apr_date.c (working copy)
@@ -147,7 +147,8 @@
apr_time_exp_t ds;
apr_time_t result;
int mint, mon;
- const char *monstr, *timstr;
+ int time_len=12; /* "HH:MM:SS GMT" */
+ const char *monstr, *timstr = 0;
static const int months[12] =
{
('J' << 16) | ('a' << 8) | 'n', ('F' << 16) | ('e' << 8) | 'b',
@@ -214,6 +215,7 @@
monstr = date;
timstr = date + 7;
+ time_len = 13; /* HH:MM:SS YYYY */
}
else if (apr_date_checkmask(date, "# @$$ #### ##:##:## *")) {
/* RFC 1123 format with one day */
@@ -231,6 +233,17 @@
else
return APR_DATE_BAD;
+ /* Testing if the date has any junk characters at the end */
+ if (timstr && strlen(timstr) > time_len) {
+
+ date = timstr + time_len;
+
+ if (date && *date) {
+ return APR_DATE_BAD;
+ }
+
+ }
+
if (ds.tm_mday <= 0 || ds.tm_mday > 31)
return APR_DATE_BAD;
Regards,
Graham
--
