commit deee944f9a12c9fd399ce52f3e2526bb573a9470 Author: Alex Rousskov Date: Wed Oct 25 19:41:45 2023 +0000 RFC 1123: Fix date parsing (#1538) The bug was discovered and detailed by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time Handling". Back port upstream patch Signed-Off-By: tianyue.lan@oracle.com --- lib/rfc1123.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/rfc1123.c b/lib/rfc1123.c index 2d889cc..add63f0 100644 --- a/lib/rfc1123.c +++ b/lib/rfc1123.c @@ -50,7 +50,13 @@ make_month(const char *s) char month[3]; month[0] = xtoupper(*s); + if (!month[0]) + return -1; // protects *(s + 1) below + month[1] = xtolower(*(s + 1)); + if (!month[1]) + return -1; // protects *(s + 2) below + month[2] = xtolower(*(s + 2)); for (i = 0; i < 12; i++) -- 2.39.3