parsedate.c: fix a numeric overflow (e8a32438) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/parsedate.c

+23 −2

Original line number	Diff line number	Diff line
		@@ -5,7 +5,7 @@
		* \| (__\| \|_\| \| _ <\| \|___
		* \___\|\___/\|_\| \_\_____\|
		*
		* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
		* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
		*
		* This software is licensed as described in the file COPYING, which
		* you should have received as part of this distribution. The terms
		@@ -75,6 +75,10 @@

		#include "setup.h"

		#ifdef HAVE_LIMITS_H
		#include <limits.h>
		#endif

		#include <curl/curl.h>
		#include "rawstr.h"
		#include "warnless.h"
		@@ -392,7 +396,24 @@ static int parsedate(const char date, time_t output)
		secnum = 0;
		}
		else {
		val = curlx_sltosi(strtol(date, &end, 10));
		long lval;
		int error;
		int old_errno;

		old_errno = ERRNO;
		SET_ERRNO(0);
		lval = strtol(date, &end, 10);
		error = ERRNO;
		if(error != old_errno)
		SET_ERRNO(old_errno);

		if(error)
		return PARSEDATE_FAIL;

		if((lval > (long)INT_MAX) \|\| (lval < (long)INT_MIN))
		return PARSEDATE_FAIL;

		val = curlx_sltosi(lval);

		if((tzoff == -1) &&
		((end - date) == 4) &&