From 699ce709af27f6fb5d983146123f80f7f14a1b3b Mon Sep 17 00:00:00 2001 From: OpenKylin Developers Date: Mon, 16 Jan 2023 15:55:45 +0800 Subject: [PATCH] SECURITY: CVE-2021-35940 (cve.mitre.org) Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1891198 Bug-Debian: https://bugs.debian.org/992789 Forwarded: not-needed Last-Update: 2021-08-20 Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though was addressed in 1.6.x in 1.6.3 and later via r1807976. The fix was merged back to 1.7.x in r1891198. Since this was a regression in 1.7.0, a new CVE name has been assigned to track this, CVE-2021-35940. Gbp-Pq: Name CVE-2021-35940.patch --- time/unix/time.c | 3 +++ time/win32/time.c | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/time/unix/time.c b/time/unix/time.c index dfa45e6..7f09581 100644 --- a/time/unix/time.c +++ b/time/unix/time.c @@ -142,6 +142,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, apr_time_exp_t *xt) static const int dayoffset[12] = {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + if (xt->tm_mon < 0 || xt->tm_mon >= 12) + return APR_EBADDATE; + /* shift new year to 1st March in order to make leap year calc easy */ if (xt->tm_mon < 2) diff --git a/time/win32/time.c b/time/win32/time.c index 81dc2a4..eb1e6f1 100644 --- a/time/win32/time.c +++ b/time/win32/time.c @@ -54,6 +54,9 @@ static void SystemTimeToAprExpTime(apr_time_exp_t *xt, SYSTEMTIME *tm) static const int dayoffset[12] = {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; + if (tm->wMonth < 1 || tm->wMonth > 12) + return APR_EBADDATE; + /* Note; the caller is responsible for filling in detailed tm_usec, * tm_gmtoff and tm_isdst data when applicable. */ @@ -228,6 +231,9 @@ APR_DECLARE(apr_status_t) apr_time_exp_get(apr_time_t *t, static const int dayoffset[12] = {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + if (xt->tm_mon < 0 || xt->tm_mon >= 12) + return APR_EBADDATE; + /* shift new year to 1st March in order to make leap year calc easy */ if (xt->tm_mon < 2)