From 1abe533b3304619bd8c59f170097ab469af99dc9 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 8 Mar 2012 21:09:34 -0500 Subject: Reject an additional type of bad date in parse_http_time --- src/common/util.c | 5 ++++- src/test/test_util.c | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/common/util.c b/src/common/util.c index 391b02f34b..c44fe601e7 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1416,7 +1416,10 @@ parse_http_time(const char *date, struct tm *tm) /* First, try RFC1123 or RFC850 format: skip the weekday. */ if ((cp = strchr(date, ','))) { - cp += 2; + ++cp; + if (*cp != ' ') + return -1; + ++cp; if (tor_sscanf(cp, "%2u %3s %4u %2u:%2u:%2u GMT", &tm_mday, month, &tm_year, &tm_hour, &tm_min, &tm_sec) == 6) { diff --git a/src/test/test_util.c b/src/test/test_util.c index 5845d779be..e239326a2d 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -101,6 +101,7 @@ test_util_parse_http_time(void *arg) test_eq(-1, parse_http_time("Sunday, 32-Aug-94 00:48:22 GMT", &a_time)); test_eq(-1, parse_http_time("Sunday, 3-Ago-04 00:48:22", &a_time)); test_eq(-1, parse_http_time("Sunday, August the third", &a_time)); + test_eq(-1, parse_http_time("Wednesday,,04 Aug 1994 00:48:22 GMT", &a_time)); test_eq(0, parse_http_time("Wednesday, 04 Aug 1994 00:48:22 GMT", &a_time)); test_eq((time_t)775961302UL, tor_timegm(&a_time)); -- cgit v1.2.3-54-g00ecf