Improve date validation in HTTP headers

Check all date/time values passed to tor_timegm and parse_rfc1123_time for validity, taking leap years into account. Improves HTTP header validation. Avoid unlikely signed integer overflow in tor_timegm on systems with 32-bit time_t. Fixes bug 13476.
author: teor <teor2345@gmail.com> 2014-10-20 02:40:27 +1100
committer: teor <teor2345@gmail.com> 2014-10-20 02:40:27 +1100
commit: 238b8eaa60953a4d716ece484aaaca841b46c614 (patch)
tree: d8cd98dbb5be5ad1a66542fcfc03359435e034ff /changes
parent: dd556fb1e6002a0ca3c4560ecb8545696a82e0b9 (diff)
download: tor-238b8eaa60953a4d716ece484aaaca841b46c614.tar.gz
tor-238b8eaa60953a4d716ece484aaaca841b46c614.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/bug13476-improve-time-handling b/changes/bug13476-improve-time-handling
index 3c50853c28..68dc3e695b 100644
--- a/changes/bug13476-improve-time-handling
+++ b/changes/bug13476-improve-time-handling
@@ -2,3 +2,11 @@
     - Set the correct day of year value when the system's localtime(_r)
       or gmtime(_r) functions fail to set struct tm.
       Fixes bug 13476.
+    - Avoid unlikely signed integer overflow in tor_timegm on systems with
+      32-bit time_t.
+      Fixes bug 13476.
+  o Minor enhancements (validation):
+    - Check all date/time values passed to tor_timegm and parse_rfc1123_time
+      for validity, taking leap years into account.
+      Improves HTTP header validation.
+      Implemented with bug 13476.
author	teor <teor2345@gmail.com>	2014-10-20 02:40:27 +1100
committer	teor <teor2345@gmail.com>	2014-10-20 02:40:27 +1100
commit	238b8eaa60953a4d716ece484aaaca841b46c614 (patch)
tree	d8cd98dbb5be5ad1a66542fcfc03359435e034ff /changes
parent	dd556fb1e6002a0ca3c4560ecb8545696a82e0b9 (diff)
download	tor-238b8eaa60953a4d716ece484aaaca841b46c614.tar.gz tor-238b8eaa60953a4d716ece484aaaca841b46c614.zip