Andrew Geissler | 5199d83 | 2021-09-24 16:47:35 -0500 | 1 | |
| 2 | SECURITY: CVE-2021-35940 (cve.mitre.org) |
| 3 | |
| 4 | Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though |
| 5 | was addressed in 1.6.x in 1.6.3 and later via r1807976. |
| 6 | |
| 7 | The fix was merged back to 1.7.x in r1891198. |
| 8 | |
| 9 | Since this was a regression in 1.7.0, a new CVE name has been assigned |
| 10 | to track this, CVE-2021-35940. |
| 11 | |
| 12 | Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue. |
| 13 | |
| 14 | https://svn.apache.org/viewvc?view=revision&revision=1891198 |
| 15 | |
| 16 | Upstream-Status: Backport |
| 17 | CVE: CVE-2021-35940 |
| 18 | Signed-off-by: Armin Kuster <akuster@mvista.com> |
| 19 | |
| 20 | |
| 21 | Index: time/unix/time.c |
| 22 | =================================================================== |
| 23 | --- a/time/unix/time.c (revision 1891197) |
| 24 | +++ b/time/unix/time.c (revision 1891198) |
| 25 | @@ -142,6 +142,9 @@ |
| 26 | static const int dayoffset[12] = |
| 27 | {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; |
| 28 | |
| 29 | + if (xt->tm_mon < 0 || xt->tm_mon >= 12) |
| 30 | + return APR_EBADDATE; |
| 31 | + |
| 32 | /* shift new year to 1st March in order to make leap year calc easy */ |
| 33 | |
| 34 | if (xt->tm_mon < 2) |
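Review bot: the new guard hard-codes 12 and carries no comment, although its purpose is to keep `xt->tm_mon` inside the `dayoffset[12]` table declared two lines above it. Consider deriving the bound from the table, e.g. `sizeof(dayoffset) / sizeof(dayoffset[0])`, and adding a one-line comment saying that `tm_mon` is used as an index into `dayoffset`. That way the check cannot be mistaken for optional input validation and dropped again in a later branch merge.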
| 35 | Index: time/win32/time.c |
| 36 | =================================================================== |
| 37 | --- a/time/win32/time.c (revision 1891197) |
| 38 | +++ b/time/win32/time.c (revision 1891198) |
| 39 | @@ -54,6 +54,9 @@ |
| 40 | static const int dayoffset[12] = |
| 41 | {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; |
| 42 | |
| 43 | + if (tm->wMonth < 1 || tm->wMonth > 12) |
| 44 | + return APR_EBADDATE; |
| 45 | + |
| 46 | /* Note; the caller is responsible for filling in detailed tm_usec, |
| 47 | * tm_gmtoff and tm_isdst data when applicable. |
| 48 | */ |
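Review bot: the accepted range in this hunk is 1..12 (`tm->wMonth < 1 || tm->wMonth > 12`), while the other two hunks in the patch accept 0..11 for `tm_mon`, and nothing here says why. `SYSTEMTIME.wMonth` is 1-based, so the range is correct, but a short comment stating that would stop the difference from reading as an off-by-one next to the same `dayoffset[12]` declaration. Since `wMonth` is an unsigned `WORD`, `tm->wMonth < 1` can only be true for 0, and writing it as `tm->wMonth == 0` would make that explicit.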
| 49 | @@ -228,6 +231,9 @@ |
| 50 | static const int dayoffset[12] = |
| 51 | {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; |
| 52 | |
| 53 | + if (xt->tm_mon < 0 || xt->tm_mon >= 12) |
| 54 | + return APR_EBADDATE; |
| 55 | + |
| 56 | /* shift new year to 1st March in order to make leap year calc easy */ |
| 57 | |
| 58 | if (xt->tm_mon < 2) |
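Review bot: this guard is a byte-for-byte copy of the one added to time/unix/time.c, so the same bounds check now lives in two files that have to be kept in sync by hand. The commit message says the earlier fix was lost between branches, so a shared macro or helper for the `tm_mon` range check would reduce the chance of one copy going missing again. The patch also touches only the two time.c files and adds no test; a regression test that passes `tm_mon` values of -1 and 12 and expects `APR_EBADDATE` would catch a repeat.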