From 13a218d3285f78812bb8a1d2214b9d6e166924b8 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Tue, 28 Oct 2014 08:48:22 +0100
Subject: Ensure we have enough input data before parsing date

This check have be removed in
http://git.php.net/?p=php-src.git;a=commit;h=ba2f87b50667f147c198abd31fc31eb09522f3d7
But the parser really need 17 char.
And the string need to be nul terminated for this check
So avoid reading random byte from memory.
---
 ext/xmlrpc/libxmlrpc/xmlrpc.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'ext/xmlrpc')

diff --git a/ext/xmlrpc/libxmlrpc/xmlrpc.c b/ext/xmlrpc/libxmlrpc/xmlrpc.c
index b766a5495a..f184cf49ee 100644
--- a/ext/xmlrpc/libxmlrpc/xmlrpc.c
+++ b/ext/xmlrpc/libxmlrpc/xmlrpc.c
@@ -201,9 +201,13 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
 			}
 			p++;
 		}
-			text = buf;
+		*p2 = 0;
+		text = buf;
 	}
 
+	if (strlen(text)<17) {
+		return -1;
+	}
 
    tm.tm_isdst = -1;
 
-- 
cgit v1.2.1