-rw-r--r--doc/NEWS3
-rw-r--r--src/times.cc4
-rw-r--r--test/regress/1224.test9
3 files changed, 15 insertions, 1 deletions
diff --git a/doc/NEWS b/doc/NEWS
index 5152ad7c..a7c9bbb5 100644
--- a/doc/NEWS
+++ b/doc/NEWS
@@ -48,6 +48,9 @@
- Fix use-after-free issue with deferred postings (bug #1723, TALOS-2017-0304,
CVE-2017-2808)
+- Fix possible stack overflow in date parsing routine (bug #1224,
+ CVE-2017-12482)
+
- Python: Removed double quotes from Unicode values.
- Python: Ensure that parse errors produce useful RuntimeErrors
diff --git a/src/times.cc b/src/times.cc
index db0d74ff..74773755 100644
--- a/src/times.cc
+++ b/src/times.cc
@@ -127,7 +127,9 @@ namespace {
date_t parse_date_mask_routine(const char * date_str, date_io_t& io,
date_traits_t * traits = NULL)
{
- VERIFY(std::strlen(date_str) < 127);
+ if (std::strlen(date_str) > 127) {
+ throw_(date_error, _f("Invalid date: %1%") % date_str);
+ }
char buf[128];
std::strcpy(buf, date_str);
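Review bot: The new length guard hard-codes 127 while the buffer it protects is declared separately as `char buf[128]` on the next line, and the copy itself is still an unbounded `std::strcpy`. The boundary is correct as written (a 127-character string plus its terminator fills the 128 bytes exactly), but nothing ties the two numbers together if either is edited later. Declaring the buffer first and testing `if (std::strlen(date_str) >= sizeof(buf))` would make the check follow the buffer size. The thrown message also embeds the whole rejected string, so the size of the error output is set by the input file; truncating the string before formatting would bound it. The body of parse_date_mask_routine continues past the end of this hunk.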
diff --git a/test/regress/1224.test b/test/regress/1224.test
new file mode 100644
index 00000000..ecf87228
--- /dev/null
+++ b/test/regress/1224.test
@@ -0,0 +1,9 @@
+2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+
+test reg -> 1
+__ERROR__
+While parsing file "$FILE", line 1:
+While parsing transaction:
+> 2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+Error: Invalid date: 2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+end test
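Review bot: The only input in this regression test is far longer than the limit, so the test would still pass if the guard in src/times.cc drifted by one in either direction. A companion case with a date token of exactly 127 characters (which should pass the length check and then fail ordinary date parsing) and one of 128 characters (which should be rejected by the new check) would pin the boundary that the fixed-size buffer depends on. The expected output for the 127-character case is inferred from the hunk in src/times.cc and would need confirming against the parser.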