From e96746311cc9200e396e60296eecd5c691bd125a Mon Sep 17 00:00:00 2001
From: Riya John <riyajohn29@rediffmail.com>
Date: Thu, 7 Oct 2021 06:54:25 +0530
Subject: [PATCH] decoder: fix panic date time should have a timezone (#614)

Fixes #596

Co-authored-by: Thomas Pelletier <thomas@pelletier.codes>
---
 decode.go           | 10 ++++++++++
 unmarshaler_test.go | 21 +++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/decode.go b/decode.go
index aa64610..78ce1d2 100644
--- a/decode.go
+++ b/decode.go
@@ -149,22 +149,32 @@ func parseLocalTime(b []byte) (LocalTime, []byte, error) {
 		t     LocalTime
 	)
 
+	// check if b matches to have expected format HH:MM:SS[.NNNNNN]
 	const localTimeByteLen = 8
 	if len(b) < localTimeByteLen {
 		return t, nil, newDecodeError(b, "times are expected to have the format HH:MM:SS[.NNNNNN]")
 	}
 
 	t.Hour = parseDecimalDigits(b[0:2])
+	if t.Hour > 23 {
+		return t, nil, newDecodeError(b[0:2], "hour cannot be greater 23")
+	}
 	if b[2] != ':' {
 		return t, nil, newDecodeError(b[2:3], "expecting colon between hours and minutes")
 	}
 
 	t.Minute = parseDecimalDigits(b[3:5])
+	if t.Minute > 59 {
+		return t, nil, newDecodeError(b[3:5], "minutes cannot be greater 59")
+	}
 	if b[5] != ':' {
 		return t, nil, newDecodeError(b[5:6], "expecting colon between minutes and seconds")
 	}
 
 	t.Second = parseDecimalDigits(b[6:8])
+	if t.Second > 59 {
+		return t, nil, newDecodeError(b[3:5], "seconds cannot be greater 59")
+	}
 
 	const minLengthWithFrac = 9
 	if len(b) >= minLengthWithFrac && b[minLengthWithFrac-1] == '.' {
diff --git a/unmarshaler_test.go b/unmarshaler_test.go
index dbe8fb3..b77ced1 100644
--- a/unmarshaler_test.go
+++ b/unmarshaler_test.go
@@ -1759,6 +1759,12 @@ func TestIssue600(t *testing.T) {
 	require.NoError(t, err)
 }
 
+func TestIssue596(t *testing.T) {
+	var v interface{}
+	err := toml.Unmarshal([]byte(`a=1979-05-27T90:+2:99`), &v)
+	require.Error(t, err)
+}
+
 //nolint:funlen
 func TestUnmarshalDecodeErrors(t *testing.T) {
 	examples := []struct {
@@ -1892,6 +1898,21 @@ world'`,
 			data: `a = 2021-03-30 21:312:0`,
 			msg:  `expecting colon between minutes and seconds`,
 		},
+		{
+			desc: "invalid hour value",
+			data: `a=1979-05-27T90:+2:99`,
+			msg:  `hour cannot be greater 23`,
+		},
+		{
+			desc: "invalid minutes value",
+			data: `a=1979-05-27T23:+2:99`,
+			msg:  `minutes cannot be greater 59`,
+		},
+		{
+			desc: "invalid seconds value",
+			data: `a=1979-05-27T12:45:99`,
+			msg:  `seconds cannot be greater 59`,
+		},
 		{
 			desc: `binary with invalid digit`,
 			data: `a = 0bf`,