Validate tm values before timegm(); close #3368

This issue was reported by https://hackerone.com/volc
author: Yukihiro "Matz" Matsumoto <[email protected]> 2017-01-09 10:42:11 +0900
committer: Yukihiro "Matz" Matsumoto <[email protected]> 2017-01-09 10:42:11 +0900
commit: c4491e477b40adc842ef76e524647607780c8f25 (patch)
tree: f42bd2a386b9dbe51b37da1a5e02414c0b6ea00f /mrbgems/mruby-time
parent: d3a8ebfadf3a3764d70cb0fd2dafbb8e10debfe6 (diff)
download: mruby-c4491e477b40adc842ef76e524647607780c8f25.tar.gz
mruby-c4491e477b40adc842ef76e524647607780c8f25.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/mrbgems/mruby-time/src/time.c b/mrbgems/mruby-time/src/time.c
index 8cadfbcff..43d87e5ff 100644
--- a/mrbgems/mruby-time/src/time.c
+++ b/mrbgems/mruby-time/src/time.c
@@ -332,6 +332,15 @@ time_mktime(mrb_state *mrb, mrb_int ayear, mrb_int amonth, mrb_int aday,
   nowtime.tm_min   = (int)amin;
   nowtime.tm_sec   = (int)asec;
   nowtime.tm_isdst = -1;
+
+  if (nowtime.tm_mon  < 0 || nowtime.tm_mon  > 11
+      || nowtime.tm_mday < 1 || nowtime.tm_mday > 31
+      || nowtime.tm_hour < 0 || nowtime.tm_hour > 24
+      || (nowtime.tm_hour == 24 && (nowtime.tm_min > 0 || nowtime.tm_sec > 0))
+      || nowtime.tm_min  < 0 || nowtime.tm_min  > 59
+      || nowtime.tm_sec  < 0 || nowtime.tm_sec  > 60)
+    mrb_raise(mrb, E_RUNTIME_ERROR, "argument out of range");
+
   if (timezone == MRB_TIMEZONE_UTC) {
     nowsecs = timegm(&nowtime);
   }
author	Yukihiro "Matz" Matsumoto <[email protected]>	2017-01-09 10:42:11 +0900
committer	Yukihiro "Matz" Matsumoto <[email protected]>	2017-01-09 10:42:11 +0900
commit	c4491e477b40adc842ef76e524647607780c8f25 (patch)
tree	f42bd2a386b9dbe51b37da1a5e02414c0b6ea00f /mrbgems/mruby-time
parent	d3a8ebfadf3a3764d70cb0fd2dafbb8e10debfe6 (diff)
download	mruby-c4491e477b40adc842ef76e524647607780c8f25.tar.gz mruby-c4491e477b40adc842ef76e524647607780c8f25.zip