From 9bf9be681e755bf30f900fe91e1388f475d23967 Mon Sep 17 00:00:00 2001 From: Thomas Pelletier Date: Thu, 2 Dec 2021 09:00:20 -0500 Subject: [PATCH] Decoder: check for invalid chars in timezone (#695) Fixes #694 --- decode.go | 11 +++++++++-- parser.go | 12 ------------ unmarshaler_test.go | 8 ++++++++ 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/decode.go b/decode.go index c88cbad..e89f23d 100644 --- a/decode.go +++ b/decode.go @@ -113,8 +113,15 @@ func parseDateTime(b []byte) (time.Time, error) { return time.Time{}, newDecodeError(b[3:4], "expected a : separator") } - hours := digitsToInt(b[1:3]) - minutes := digitsToInt(b[4:6]) + hours, err := parseDecimalDigits(b[1:3]) + if err != nil { + return time.Time{}, err + } + minutes, err := parseDecimalDigits(b[4:6]) + if err != nil { + return time.Time{}, err + } + seconds := direction * (hours*3600 + minutes*60) zone = time.FixedZone("", seconds) b = b[dateTimeByteLen:] diff --git a/parser.go b/parser.go index 86b5fd2..7fee2de 100644 --- a/parser.go +++ b/parser.go @@ -886,18 +886,6 @@ func (p *parser) parseIntOrFloatOrDateTime(b []byte) (ast.Reference, []byte, err return p.scanIntOrFloat(b) } -func digitsToInt(b []byte) int { - x := 0 - - for _, d := range b { - x *= 10 - x += int(d - '0') - } - - return x -} - -//nolint:gocognit,cyclop func (p *parser) scanDateTime(b []byte) (ast.Reference, []byte, error) { // scans for contiguous characters in [0-9T:Z.+-], and up to one space if // followed by a digit. diff --git a/unmarshaler_test.go b/unmarshaler_test.go index c29f9ac..d6bd268 100644 --- a/unmarshaler_test.go +++ b/unmarshaler_test.go @@ -2632,6 +2632,14 @@ world'`, desc: `invalid number of seconds digits with trailing digit`, data: `a=0000-01-01 00:00:000000Z3`, }, + { + desc: `invalid character in zone offset hours`, + data: `a=0000-01-01 00:00:00+0Z:00`, + }, + { + desc: `invalid character in zone offset minutes`, + data: `a=0000-01-01 00:00:00+00:0Z`, + }, { desc: `invalid number of seconds`, data: `a=0000-01-01 00:00:00+27000`,