mirror of
https://git.openwrt.org/feed/packages.git
synced 2024-06-15 20:03:57 +02:00
50 lines
1.6 KiB
Diff
50 lines
1.6 KiB
Diff
|
|
SECURITY: CVE-2021-35940 (cve.mitre.org)
|
|
|
|
Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
|
|
was addressed in 1.6.x in 1.6.3 and later via r1807976.
|
|
|
|
The fix was merged back to 1.7.x in r1891198.
|
|
|
|
Since this was a regression in 1.7.0, a new CVE name has been assigned
|
|
to track this, CVE-2021-35940.
|
|
|
|
Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
|
|
|
|
https://svn.apache.org/viewvc?view=revision&revision=1891198
|
|
|
|
--- a/time/unix/time.c
|
|
+++ b/time/unix/time.c
|
|
@@ -142,6 +142,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_g
|
|
static const int dayoffset[12] =
|
|
{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
|
|
|
|
+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
|
|
+ return APR_EBADDATE;
|
|
+
|
|
/* shift new year to 1st March in order to make leap year calc easy */
|
|
|
|
if (xt->tm_mon < 2)
|
|
--- a/time/win32/time.c
|
|
+++ b/time/win32/time.c
|
|
@@ -54,6 +54,9 @@ static void SystemTimeToAprExpTime(apr_t
|
|
static const int dayoffset[12] =
|
|
{0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
|
|
|
|
+ if (tm->wMonth < 1 || tm->wMonth > 12)
|
|
+ return APR_EBADDATE;
|
|
+
|
|
/* Note; the caller is responsible for filling in detailed tm_usec,
|
|
* tm_gmtoff and tm_isdst data when applicable.
|
|
*/
|
|
@@ -228,6 +231,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_g
|
|
static const int dayoffset[12] =
|
|
{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
|
|
|
|
+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
|
|
+ return APR_EBADDATE;
|
|
+
|
|
/* shift new year to 1st March in order to make leap year calc easy */
|
|
|
|
if (xt->tm_mon < 2)
|