From 0c2bd2e660a3bdd4a443a51132b65db272819acd Mon Sep 17 00:00:00 2001 From: "William M. Brack" Date: Sat, 18 Sep 2004 06:18:55 +0000 Subject: [PATCH] enhanced validation of date-time to catch bit-field overflow (bug 152836) * libexslt/date.c: enhanced validation of date-time to catch bit-field overflow (bug 152836) * tests/exslt/date/date.2.*, tests/exslt/time.2.*: added test cases for above --- ChangeLog | 7 ++++++ libexslt/date.c | 38 +++++++++++++++---------------- tests/exslt/date/date.2.out | 36 ++++++++++++++++++++++++++++++ tests/exslt/date/date.2.xml | 2 ++ tests/exslt/date/time.2.out | 54 +++++++++++++++++++++++++++++++++++++++++++++ tests/exslt/date/time.2.xml | 3 +++ 6 files changed, 120 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 66dc945..87ae6ed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Fri Sep 17 23:15:33 PDT 2004 William Brack + + * libexslt/date.c: enhanced validation of date-time to catch + bit-field overflow (bug 152836) + * tests/exslt/date/date.2.*, tests/exslt/time.2.*: added test + cases for above + Tue Sep 7 18:04:55 PDT 2004 William Brack * libxslt/numbers.c: further refinement to UTF8 pattern diff --git a/libexslt/date.c b/libexslt/date.c index 64c34a5..8863fa7 100644 --- a/libexslt/date.c +++ b/libexslt/date.c @@ -132,6 +132,7 @@ struct _exsltDateVal { #define IS_TZO_CHAR(c) \ ((c == 0) || (c == 'Z') || (c == '+') || (c == '-')) +#define VALID_ALWAYS(num) (num >= 0) #define VALID_YEAR(yr) (yr != 0) #define VALID_MONTH(mon) ((mon >= 1) && (mon <= 12)) /* VALID_DAY should only be used when month is unknown */ @@ -277,6 +278,7 @@ _exsltDateParseGYear (exsltDateValDatePtr dt, const xmlChar **str) * PARSE_2_DIGITS: * @num: the integer to fill in * @cur: an #xmlChar * + * @func: validation function for the number * @invalid: an integer * * Parses a 2-digits integer and updates @num with the value. @cur is 
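Review bot: `VALID_ALWAYS`, added above `VALID_YEAR`, needs a comment saying that it performs no range check. A two-digit parse can only yield 0..99, so `num >= 0` never fails, and a reader of the PARSE_FLOAT hunk that passes it could take the name to mean the seconds value has been validated. Something like `/* VALID_ALWAYS: accepts any 2-digit value; the caller must range-check afterwards */` would make that explicit. The new 00:00:99 test expects NaN, so seconds are presumably rejected somewhere outside these hunks, but that check is not visible here. The argument is also unparenthesised; `((num) >= 0)` is the safer spelling, although the neighbouring VALID_* macros share the same style.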
@@ -284,12 +286,18 @@ _exsltDateParseGYear (exsltDateValDatePtr dt, const xmlChar **str) * In case of error, @invalid is set to %TRUE, values of @num and * @cur are undefined. */ -#define PARSE_2_DIGITS(num, cur, invalid) \ +#define PARSE_2_DIGITS(num, cur, func, invalid) \ if ((cur[0] < '0') || (cur[0] > '9') || \ (cur[1] < '0') || (cur[1] > '9')) \ invalid = 1; \ - else \ - num = (cur[0] - '0') * 10 + (cur[1] - '0'); \ + else { \ + int val; \ + val = (cur[0] - '0') * 10 + (cur[1] - '0'); \ + if (!func(val)) \ + invalid = 2; \ + else \ + num = val; \ + } \ cur += 2; /** @@ -319,7 +327,7 @@ _exsltDateParseGYear (exsltDateValDatePtr dt, const xmlChar **str) * @cur are undefined. */ #define PARSE_FLOAT(num, cur, invalid) \ - PARSE_2_DIGITS(num, cur, invalid); \ + PARSE_2_DIGITS(num, cur, VALID_ALWAYS, invalid); \ if (!invalid && (*cur == '.')) { \ double mult = 1; \ cur++; \ @@ -372,13 +380,10 @@ _exsltDateParseGMonth (exsltDateValDatePtr dt, const xmlChar **str) const xmlChar *cur = *str; int ret = 0; - PARSE_2_DIGITS(dt->mon, cur, ret); + PARSE_2_DIGITS(dt->mon, cur, VALID_MONTH, ret); if (ret != 0) return ret; - if (!VALID_MONTH(dt->mon)) - return 2; - *str = cur; #ifdef DEBUG_EXSLT_DATE @@ -417,13 +422,10 @@ _exsltDateParseGDay (exsltDateValDatePtr dt, const xmlChar **str) const xmlChar *cur = *str; int ret = 0; - PARSE_2_DIGITS(dt->day, cur, ret); + PARSE_2_DIGITS(dt->day, cur, VALID_DAY, ret); if (ret != 0) return ret; - if (!VALID_DAY(dt->day)) - return 2; - *str = cur; #ifdef DEBUG_EXSLT_DATE @@ -481,7 +483,7 @@ _exsltDateParseTime (exsltDateValDatePtr dt, const xmlChar **str) unsigned int hour = 0; /* use temp var in case str is not xs:time */ int ret = 0; - PARSE_2_DIGITS(hour, cur, ret); + PARSE_2_DIGITS(hour, cur, VALID_HOUR, ret); if (ret != 0) return ret; 
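Review bot: The doc comment kept as context above the rewritten `PARSE_2_DIGITS` still says `@invalid is set to %TRUE`, but the macro now stores 1 for a non-digit and 2 for a value rejected by `func`, and the callers in the later hunks return that number unchanged. The comment should name both codes, for example `* In case of error, @invalid is set to 1 (not two digits) or 2 (value rejected by @func) and @num is not written.` Checking the plain `int` before the store is the right shape for a destination narrower than the parsed value, and the comment should say so, since that is the reason for the extra parameter. The block-local `int val` would also capture a caller argument that is itself named `val`, so a less common local name would be more robust.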
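Review bot: Passing `VALID_HOUR` in the `_exsltDateParseTime` hunk runs the range check before the function has established that the string is an xs:time, which is what the `hour` temporary and the `':'` comment in the following hunk are for. An input whose first two digits exceed 23 but which is not a time now returns 2 here, whereas before it would have reached the `:` test first. The callers are outside the hunk, so it is worth confirming that none of them treats 2 differently from 1 when falling back to another type. If one does, keep the type probe first: parse with `VALID_ALWAYS` and add `if (!VALID_HOUR(hour)) return 2;` just before `dt->hour = hour;`. The function body starts before this hunk and continues past it.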
@@ -492,7 +494,7 @@ _exsltDateParseTime (exsltDateValDatePtr dt, const xmlChar **str) /* the ':' insures this string is xs:time */ dt->hour = hour; - PARSE_2_DIGITS(dt->min, cur, ret); + PARSE_2_DIGITS(dt->min, cur, VALID_MIN, ret); if (ret != 0) return ret; @@ -574,11 +576,9 @@ _exsltDateParseTimeZone (exsltDateValDatePtr dt, const xmlChar **str) cur++; - PARSE_2_DIGITS(tmp, cur, ret); + PARSE_2_DIGITS(tmp, cur, VALID_HOUR, ret); if (ret != 0) return ret; - if (!VALID_HOUR(tmp)) - return 2; if (*cur != ':') return 1; @@ -586,11 +586,9 @@ _exsltDateParseTimeZone (exsltDateValDatePtr dt, const xmlChar **str) dt->tzo = tmp * 60; - PARSE_2_DIGITS(tmp, cur, ret); + PARSE_2_DIGITS(tmp, cur, VALID_MIN, ret); if (ret != 0) return ret; - if (!VALID_MIN(tmp)) - return 2; dt->tzo += tmp; if (isneg) diff --git a/tests/exslt/date/date.2.out b/tests/exslt/date/date.2.out index bf52b7a..7c7c4cd 100644 --- a/tests/exslt/date/date.2.out +++ b/tests/exslt/date/date.2.out @@ -91,3 +91,39 @@ hour-in-day : NaN minute-in-hour : NaN second-in-minute : NaN + + Test Date : 0001-99-01 + year : NaN + leap-year : NaN + month-in-year : NaN + month-name : + month-abbreviation : + week-in-year : NaN + day-in-year : NaN + day-in-month : NaN + day-of-week-in-month : NaN + day-in-week : NaN + day-name : + day-abbreviation : + time : + hour-in-day : NaN + minute-in-hour : NaN + second-in-minute : NaN + + Test Date : 0001-01-99 + year : NaN + leap-year : NaN + month-in-year : NaN + month-name : + month-abbreviation : + week-in-year : NaN + day-in-year : NaN + day-in-month : NaN + day-of-week-in-month : NaN + day-in-week : NaN + day-name : + day-abbreviation : + time : + hour-in-day : NaN + minute-in-hour : NaN + second-in-minute : NaN diff --git a/tests/exslt/date/date.2.xml b/tests/exslt/date/date.2.xml index 183504b..2b0fb9a 100644 --- a/tests/exslt/date/date.2.xml +++ b/tests/exslt/date/date.2.xml @@ -7,5 +7,7 @@ + + 
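Review bot: In the two `_exsltDateParseTimeZone` hunks the offset hour is still bounded only by `VALID_HOUR`, so `dt->tzo = tmp * 60` followed by `dt->tzo += tmp` can reach 23*60+59 = 1439 in magnitude. The declaration of `tzo` is outside the diff; if it is a bit-field like the fields this commit protects, its width should be confirmed to hold ±1439, otherwise this path has the same truncation the commit fixes for month, day, hour and minute. A comment at the assignment, such as `/* |tzo| can reach 1439 here; the field width must cover it */`, would record the constraint. None of the added test cases visible in the .out files exercises a timezone offset. The function body extends beyond both hunks.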
diff --git a/tests/exslt/date/time.2.out b/tests/exslt/date/time.2.out index 2a1ee01..e14b6f8 100644 --- a/tests/exslt/date/time.2.out +++ b/tests/exslt/date/time.2.out @@ -163,3 +163,57 @@ hour-in-day : NaN minute-in-hour : NaN second-in-minute : NaN + + Test Date : 99:00:00 + year : NaN + leap-year : NaN + month-in-year : NaN + month-name : + month-abbreviation : + week-in-year : NaN + day-in-year : NaN + day-in-month : NaN + day-of-week-in-month : NaN + day-in-week : NaN + day-name : + day-abbreviation : + time : + hour-in-day : NaN + minute-in-hour : NaN + second-in-minute : NaN + + Test Date : 00:99:00 + year : NaN + leap-year : NaN + month-in-year : NaN + month-name : + month-abbreviation : + week-in-year : NaN + day-in-year : NaN + day-in-month : NaN + day-of-week-in-month : NaN + day-in-week : NaN + day-name : + day-abbreviation : + time : + hour-in-day : NaN + minute-in-hour : NaN + second-in-minute : NaN + + Test Date : 00:00:99 + year : NaN + leap-year : NaN + month-in-year : NaN + month-name : + month-abbreviation : + week-in-year : NaN + day-in-year : NaN + day-in-month : NaN + day-of-week-in-month : NaN + day-in-week : NaN + day-name : + day-abbreviation : + time : + hour-in-day : NaN + minute-in-hour : NaN + second-in-minute : NaN diff --git a/tests/exslt/date/time.2.xml b/tests/exslt/date/time.2.xml index 0db9cb4..d6f19ef 100644 --- a/tests/exslt/date/time.2.xml +++ b/tests/exslt/date/time.2.xml @@ -11,5 +11,8 @@ + + + -- 2.7.4