35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From deee944f9a12c9fd399ce52f3e2526bb573a9470 Mon Sep 17 00:00:00 2001
|
|
From: Alex Rousskov <rousskov@measurement-factory.com>
|
|
Date: Wed, 25 Oct 2023 19:41:45 +0000
|
|
Subject: [PATCH] RFC 1123: Fix date parsing (#1538)
|
|
|
|
The bug was discovered and detailed by Joshua Rogers at
|
|
https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
|
|
where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
|
|
Handling".
|
|
|
|
Conflict:NA
|
|
Reference:https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470
|
|
---
|
|
src/time/rfc1123.cc | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/src/time/rfc1123.cc b/src/time/rfc1123.cc
|
|
index d89d22262f6..7524959edb0 100644
|
|
--- a/src/time/rfc1123.cc
|
|
+++ b/src/time/rfc1123.cc
|
|
@@ -50,7 +50,13 @@ make_month(const char *s)
|
|
char month[3];
|
|
|
|
month[0] = xtoupper(*s);
|
|
+ if (!month[0])
|
|
+ return -1; // protects *(s + 1) below
|
|
+
|
|
month[1] = xtolower(*(s + 1));
|
|
+ if (!month[1])
|
|
+ return -1; // protects *(s + 2) below
|
|
+
|
|
month[2] = xtolower(*(s + 2));
|
|
|
|
for (i = 0; i < 12; i++)
|