diff options
| author | Yang Tse <yangsita@gmail.com> | 2012-03-22 15:53:03 +0100 |
|---|---|---|
| committer | Yang Tse <yangsita@gmail.com> | 2012-03-22 15:54:34 +0100 |
| commit | e8a32438c24f2e67944666ff22dbbba829ccaf2a (patch) | |
| tree | 21d0be584871ed01b14343ae9b1a74ee22d27a3a | |
| parent | 97b66ebefe2090aea734af57c5e7e182a97f20bb (diff) | |
| download | gnurl-e8a32438c24f2e67944666ff22dbbba829ccaf2a.tar.gz gnurl-e8a32438c24f2e67944666ff22dbbba829ccaf2a.tar.bz2 gnurl-e8a32438c24f2e67944666ff22dbbba829ccaf2a.zip | |
parsedate.c: fix a numeric overflow
| -rw-r--r-- | lib/parsedate.c | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/lib/parsedate.c b/lib/parsedate.c index ec60e78e7..b6079bc8f 100644 --- a/lib/parsedate.c +++ b/lib/parsedate.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -75,6 +75,10 @@ #include "setup.h" +#ifdef HAVE_LIMITS_H +#include <limits.h> +#endif + #include <curl/curl.h> #include "rawstr.h" #include "warnless.h" @@ -392,7 +396,24 @@ static int parsedate(const char *date, time_t *output) secnum = 0; } else { - val = curlx_sltosi(strtol(date, &end, 10)); + long lval; + int error; + int old_errno; + + old_errno = ERRNO; + SET_ERRNO(0); + lval = strtol(date, &end, 10); + error = ERRNO; + if(error != old_errno) + SET_ERRNO(old_errno); + + if(error) + return PARSEDATE_FAIL; + + if((lval > (long)INT_MAX) || (lval < (long)INT_MIN)) + return PARSEDATE_FAIL; + + val = curlx_sltosi(lval); if((tzoff == -1) && ((end - date) == 4) && |