Decode: restrict timezone offset values (#696)
Don't allow hours greater than 24 and minutes greater than 60 per RFC 3339.
This commit is contained in:
Cameron Moore
@@ -117,10 +117,17 @@ func parseDateTime(b []byte) (time.Time, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return time.Time{}, err
|
return time.Time{}, err
|
||||||
}
|
}
|
||||||
|
if hours > 24 {
|
||||||
|
return time.Time{}, newDecodeError(b[:1], "invalid timezone offset hours")
|
||||||
|
}
|
||||||
|
|
||||||
minutes, err := parseDecimalDigits(b[4:6])
|
minutes, err := parseDecimalDigits(b[4:6])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return time.Time{}, err
|
return time.Time{}, err
|
||||||
}
|
}
|
||||||
|
if minutes > 60 {
|
||||||
|
return time.Time{}, newDecodeError(b[:1], "invalid timezone offset minutes")
|
||||||
|
}
|
||||||
|
|
||||||
seconds := direction * (hours*3600 + minutes*60)
|
seconds := direction * (hours*3600 + minutes*60)
|
||||||
zone = time.FixedZone("", seconds)
|
zone = time.FixedZone("", seconds)
|
||||||
|
|||||||
@@ -2632,6 +2632,14 @@ world'`,
|
|||||||
desc: `invalid number of seconds digits with trailing digit`,
|
desc: `invalid number of seconds digits with trailing digit`,
|
||||||
data: `a=0000-01-01 00:00:000000Z3`,
|
data: `a=0000-01-01 00:00:000000Z3`,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
desc: `invalid zone offset hours`,
|
||||||
|
data: `a=0000-01-01 00:00:00+25:00`,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: `invalid zone offset minutes`,
|
||||||
|
data: `a=0000-01-01 00:00:00+00:61`,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
desc: `invalid character in zone offset hours`,
|
desc: `invalid character in zone offset hours`,
|
||||||
data: `a=0000-01-01 00:00:00+0Z:00`,
|
data: `a=0000-01-01 00:00:00+0Z:00`,
|
||||||
|
|||||||
Reference in New Issue
Block a user