Blame SOURCES/apr-1.4.8-CVE-2017-12613.patch
|
 |
6a3bc7 |
--- a/time/unix/time.c 2017/09/10 22:11:37 1807974
|
|
|
6a3bc7 |
+++ b/time/unix/time.c 2017/09/10 22:30:14 1807975
|
|
|
6a3bc7 |
@@ -142,6 +142,9 @@
|
|
|
6a3bc7 |
static const int dayoffset[12] =
|
|
|
6a3bc7 |
{306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
|
|
|
6a3bc7 |
|
|
|
6a3bc7 |
+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
|
|
|
6a3bc7 |
+ return APR_EBADDATE;
|
|
|
6a3bc7 |
+
|
|
|
6a3bc7 |
/* shift new year to 1st March in order to make leap year calc easy */
|
|
|
6a3bc7 |
|
|
|
6a3bc7 |
if (xt->tm_mon < 2)
|