diff options
author | Remi Collet <remi@php.net> | 2014-10-28 08:48:22 +0100 |
---|---|---|
committer | Remi Collet <remi@php.net> | 2014-10-28 08:48:22 +0100 |
commit | 13a218d3285f78812bb8a1d2214b9d6e166924b8 (patch) | |
tree | eae5f3df5d46eb5c44be4d3edd9b09e21573150d | |
parent | deadeeae1d08877021eb2796aa6790baa74361ed (diff) | |
download | php-git-13a218d3285f78812bb8a1d2214b9d6e166924b8.tar.gz |
Ensure we have enough input data before parsing date
This check have be removed in
http://git.php.net/?p=php-src.git;a=commit;h=ba2f87b50667f147c198abd31fc31eb09522f3d7
But the parser really need 17 char.
And the string need to be nul terminated for this check
So avoid reading random byte from memory.
-rw-r--r-- | ext/xmlrpc/libxmlrpc/xmlrpc.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c index b766a5495a..f184cf49ee 100644 --- a/ext/xmlrpc/libxmlrpc/xmlrpc.c +++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c @@ -201,9 +201,13 @@ static int date_from_ISO8601 (const char *text, time_t * value) { } p++; } - text = buf; + *p2 = 0; + text = buf; } + if (strlen(text)<17) { + return -1; + } tm.tm_isdst = -1; |