mirror of
https://github.com/php/php-src.git
synced 2024-09-23 19:07:26 +00:00
MFB: Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
values).
This commit is contained in:
parent
99dac437ea
commit
c701d46a4b
@ -43,6 +43,9 @@ static const char rcsid[] = "#(@) $Id$";
|
||||
* 9/1999 - 10/2000
|
||||
* HISTORY
|
||||
* $Log$
|
||||
* Revision 1.11 2007/06/07 09:07:12 tony2001
|
||||
* php_localtime_r() checks
|
||||
*
|
||||
* Revision 1.10 2007/01/01 09:29:33 sebastian
|
||||
* Bump year.
|
||||
*
|
||||
@ -176,7 +179,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
||||
}
|
||||
p++;
|
||||
}
|
||||
text = buf;
|
||||
text = buf;
|
||||
}
|
||||
|
||||
|
||||
@ -186,15 +189,19 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
#define XMLRPC_IS_NUMBER(x) if (x < '0' || x > '9') return -1;
|
||||
|
||||
n = 1000;
|
||||
tm.tm_year = 0;
|
||||
for(i = 0; i < 4; i++) {
|
||||
XMLRPC_IS_NUMBER(text[i])
|
||||
tm.tm_year += (text[i]-'0')*n;
|
||||
n /= 10;
|
||||
}
|
||||
n = 10;
|
||||
tm.tm_mon = 0;
|
||||
for(i = 0; i < 2; i++) {
|
||||
XMLRPC_IS_NUMBER(text[i])
|
||||
tm.tm_mon += (text[i+4]-'0')*n;
|
||||
n /= 10;
|
||||
}
|
||||
@ -203,6 +210,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
||||
n = 10;
|
||||
tm.tm_mday = 0;
|
||||
for(i = 0; i < 2; i++) {
|
||||
XMLRPC_IS_NUMBER(text[i])
|
||||
tm.tm_mday += (text[i+6]-'0')*n;
|
||||
n /= 10;
|
||||
}
|
||||
@ -210,6 +218,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
||||
n = 10;
|
||||
tm.tm_hour = 0;
|
||||
for(i = 0; i < 2; i++) {
|
||||
XMLRPC_IS_NUMBER(text[i])
|
||||
tm.tm_hour += (text[i+9]-'0')*n;
|
||||
n /= 10;
|
||||
}
|
||||
@ -217,6 +226,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
||||
n = 10;
|
||||
tm.tm_min = 0;
|
||||
for(i = 0; i < 2; i++) {
|
||||
XMLRPC_IS_NUMBER(text[i])
|
||||
tm.tm_min += (text[i+12]-'0')*n;
|
||||
n /= 10;
|
||||
}
|
||||
@ -224,6 +234,7 @@ static int date_from_ISO8601 (const char *text, time_t * value) {
|
||||
n = 10;
|
||||
tm.tm_sec = 0;
|
||||
for(i = 0; i < 2; i++) {
|
||||
XMLRPC_IS_NUMBER(text[i])
|
||||
tm.tm_sec += (text[i+15]-'0')*n;
|
||||
n /= 10;
|
||||
}
|
||||
|
15
ext/xmlrpc/tests/bug42189.phpt
Normal file
15
ext/xmlrpc/tests/bug42189.phpt
Normal file
@ -0,0 +1,15 @@
|
||||
--TEST--
|
||||
Bug #42189 (xmlrpc_get_type() crashes PHP on invalid dates)
|
||||
--SKIPIF--
|
||||
<?php if (!extension_loaded("xmlrpc")) print "skip"; ?>
|
||||
--FILE--
|
||||
<?php
|
||||
$a = '~~~~~~~~~~~~~~~~~~';
|
||||
$ok = xmlrpc_set_type($a, 'datetime');
|
||||
var_dump($ok);
|
||||
|
||||
echo "Done\n";
|
||||
?>
|
||||
--EXPECT--
|
||||
bool(false)
|
||||
Done
|
@ -1313,8 +1313,12 @@ int set_zval_xmlrpc_type(zval* value, XMLRPC_VALUE_TYPE newtype) /* {{{ */
|
||||
if(SUCCESS == zend_hash_update(Z_OBJPROP_P(value), OBJECT_TYPE_ATTR, sizeof(OBJECT_TYPE_ATTR), (void *) &type, sizeof(zval *), NULL)) {
|
||||
bSuccess = zend_hash_update(Z_OBJPROP_P(value), OBJECT_VALUE_TS_ATTR, sizeof(OBJECT_VALUE_TS_ATTR), (void *) &ztimestamp, sizeof(zval *), NULL);
|
||||
}
|
||||
} else {
|
||||
zval_ptr_dtor(&type);
|
||||
}
|
||||
XMLRPC_CleanupValue(v);
|
||||
} else {
|
||||
zval_ptr_dtor(&type);
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
Loading…
Reference in New Issue
Block a user