From 818964edc781d3f54dbc8bc7303463b00163a5ec Mon Sep 17 00:00:00 2001 From: Richard Russon Date: Sun, 1 Oct 2017 13:33:32 +0100 Subject: [PATCH] fix: add more range-checking on dates/times --- from.c | 8 ++++++++ lib/date.c | 15 ++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/from.c b/from.c index 17c09bc4a..5014d3931 100644 --- a/from.c +++ b/from.c @@ -134,6 +134,8 @@ int is_from(const char *s, char *path, size_t pathlen, time_t *tp) return 0; if (sscanf(s, "%d", &tm.tm_mday) != 1) return 0; + if ((tm.tm_mday < 1) || (tm.tm_mday > 31)) + return 0; /* time */ s = next_word(s); @@ -148,6 +150,10 @@ int is_from(const char *s, char *path, size_t pathlen, time_t *tp) else return 0; + if ((tm.tm_hour < 0) || (tm.tm_hour > 23) || (tm.tm_min < 0) || + (tm.tm_min > 59) || (tm.tm_sec < 0) || (tm.tm_sec > 60)) + return 0; + s = next_word(s); if (!*s) return 0; @@ -174,6 +180,8 @@ int is_from(const char *s, char *path, size_t pathlen, time_t *tp) /* year */ if (sscanf(s, "%d", &yr) != 1) return 0; + if ((yr < 0) || (yr > 9999)) + return 0; tm.tm_year = yr > 1900 ? yr - 1900 : (yr < 70 ? yr + 100 : yr); mutt_debug(3, "is_from(): month=%d, day=%d, hr=%d, min=%d, sec=%d, yr=%d.\n", diff --git a/lib/date.c b/lib/date.c index c6cd619c8..ae7e9c519 100644 --- a/lib/date.c +++ b/lib/date.c @@ -254,6 +254,14 @@ time_t mutt_mktime(struct tm *t, int local) if ((time_t) t->tm_year < (TM_YEAR_MIN - 1900)) return TIME_T_MIN; + if ((t->tm_mday < 1) || (t->tm_mday > 31)) + return TIME_T_MIN; + if ((t->tm_hour < 0) || (t->tm_hour > 23) || (t->tm_min < 0) || + (t->tm_min > 59) || (t->tm_sec < 0) || (t->tm_sec > 60)) + return TIME_T_MIN; + if (t->tm_year > 9999) + return TIME_T_MAX; + /* Compute the number of days since January 1 in the same year */ g = AccumDaysPerMonth[t->tm_mon % 12]; @@ -479,7 +487,7 @@ time_t mutt_parse_date(const char *s, struct Tz *tz_out) case 1: /* month of the year */ i = mutt_check_month(t); - if (i < 0) + if ((i < 0) || (i > 11)) return -1; tm.tm_mon = i; break; @@ -487,6 +495,8 @@ time_t mutt_parse_date(const char *s, struct Tz *tz_out) case 2: /* year */ if ((mutt_atoi(t, &tm.tm_year) < 0) || (tm.tm_year < 0)) return -1; + if ((tm.tm_year < 0) || (tm.tm_year > 9999)) + return -1; if (tm.tm_year < 50) tm.tm_year += 100; else if (tm.tm_year >= 1900) @@ -503,6 +513,9 @@ time_t mutt_parse_date(const char *s, struct Tz *tz_out) mutt_debug(1, "parse_date: could not process time format: %s\n", t); return -1; } + if ((hour < 0) || (hour > 23) || (min < 0) || + (min > 59) || (sec < 0) || (sec > 60)) + return -1; tm.tm_hour = hour; tm.tm_min = min; tm.tm_sec = sec; -- 2.40.0