Decode: restrict timezone offset values (#696)

Don't allow hours greater than 24 and minutes greater than 60 per RFC
3339.
Cameron Moore
2021-12-02 17:59:32 -06:00
committed by GitHub
parent 9bf9be681e
commit f53bc740c1
2 changed files with 15 additions and 0 deletions
+7
@@ -117,10 +117,17 @@ func parseDateTime(b []byte) (time.Time, error) {
if err != nil {
return time.Time{}, err
}
if hours > 24 {
return time.Time{}, newDecodeError(b[:1], "invalid timezone offset hours")
}
minutes, err := parseDecimalDigits(b[4:6])
if err != nil {
return time.Time{}, err
}
if minutes > 60 {
return time.Time{}, newDecodeError(b[:1], "invalid timezone offset minutes")
}
seconds := direction * (hours*3600 + minutes*60)
zone = time.FixedZone("", seconds)
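Review bot: The two new bounds are off by one: `hours > 24` and `minutes > 60` still accept `+24:00` and `+00:60`, while RFC 3339 defines time-hour as 00-23 and time-minute as 00-59 for the numeric offset. The checks should read `if hours > 23 {` and `if minutes > 59 {`, and the test table in the second file should gain `+24:00` and `+00:60` cases, since it currently covers only 25 and 61. A decoder that accepts offsets stricter parsers reject lets two components read different meanings from the same document, which matters wherever the timestamp feeds a validation or expiry decision. parseDateTime starts and ends outside this hunk.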
+8
@@ -2632,6 +2632,14 @@ world'`,
desc: `invalid number of seconds digits with trailing digit`,
data: `a=0000-01-01 00:00:000000Z3`,
},
{
desc: `invalid zone offset hours`,
data: `a=0000-01-01 00:00:00+25:00`,
},
{
desc: `invalid zone offset minutes`,
data: `a=0000-01-01 00:00:00+00:61`,
},
{
desc: `invalid character in zone offset hours`,
data: `a=0000-01-01 00:00:00+0Z:00`,