From 76832ff5c4f107f8a8165fcafc9b05a888cdb964 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Sun, 23 Sep 2018 20:27:32 +0200
Subject: date: do not allow "month #20" and such, closes 11356

function                                             old     new   delta
parse_datestr                                        906     961     +55

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 libbb/time.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'libbb')

diff --git a/libbb/time.c b/libbb/time.c
index 82e6cb172..f9b8da0b3 100644
--- a/libbb/time.c
+++ b/libbb/time.c
@@ -184,6 +184,7 @@ void FAST_FUNC parse_datestr(const char *date_str, struct tm *ptm)
 			ptm->tm_year -= 1900; /* Adjust years */
 			ptm->tm_mon -= 1; /* Adjust month from 1-12 to 0-11 */
 		} else {
+ err:
 			bb_error_msg_and_die(bb_msg_invalid_date, date_str);
 		}
 		ptm->tm_sec = 0; /* assume zero if [.SS] is not given */
@@ -194,6 +195,19 @@ void FAST_FUNC parse_datestr(const char *date_str, struct tm *ptm)
 				end = '\0';
 			/* else end != NUL and we error out */
 		}
+		/* Users were confused by "date -s 20180923"
+		 * working (not in the way they were expecting).
+		 * It was interpreted as MMDDhhmm, and not bothered by
+		 * "month #20" in the least. Prevent such cases:
+		 */
+		if (ptm->tm_sec > 60 /* allow "23:60" leap second */
+		 || ptm->tm_min > 59
+		 || ptm->tm_hour > 23
+		 || ptm->tm_mday > 31
+		 || ptm->tm_mon > 11 /* month# is 0..11, not 1..12 */
+		) {
+			goto err;
+		}
 	}
 	if (end != '\0') {
 		bb_error_msg_and_die(bb_msg_invalid_date, date_str);
-- 
cgit v1.2.3-55-g6feb