commit 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Author: Alex Rousskov Date: Wed Oct 25 19:41:45 2023 +0000 RFC 1123: Fix date parsing (#1538) The bug was discovered and detailed by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time Handling". diff --git a/lib/rfc1123.c b/lib/rfc1123.c index e5bf9a4d7..cb484cc00 100644 --- a/lib/rfc1123.c +++ b/lib/rfc1123.c @@ -50,7 +50,13 @@ make_month(const char *s) char month[3]; month[0] = xtoupper(*s); + if (!month[0]) + return -1; // protects *(s + 1) below + month[1] = xtolower(*(s + 1)); + if (!month[1]) + return -1; // protects *(s + 2) below + month[2] = xtolower(*(s + 2)); for (i = 0; i < 12; i++)