fast-import.c::validate_raw_date(): really validate the value

When reading the "raw format" timestamp from the input stream, make sure that the timezone offset is a reasonable value by imitating 7122f82 (date.c: improve guess between timezone offset and year., 2006-06-08). We _might_ want to also check if the timestamp itself is reasonable, but that is left for a separate commit. Signed-off-by: Junio C Hamano <gitster@pobox.com>
16 years ago · 1cd749cc07
1 changed files with 6 additions and 3 deletions
--- a/fast-import.c
+++ b/fast-import.c
@ -1744,10 +1744,12 @@ static int validate_raw_date(const char *src, char *result, int maxlen)
				@@ -1744,10 +1744,12 @@ static int validate_raw_date(const char *src, char *result, int maxlen)
 {
 	const char *orig_src = src;
 	char *endp;
+	unsigned long num;

 	errno = 0;

-	strtoul(src, &endp, 10);
+	num = strtoul(src, &endp, 10);
+	/* NEEDSWORK: perhaps check for reasonable values? */
 	if (errno || endp == src || *endp != ' ')
 		return -1;

@ -1755,8 +1757,9 @@ static int validate_raw_date(const char *src, char *result, int maxlen)
				@@ -1755,8 +1757,9 @@ static int validate_raw_date(const char *src, char *result, int maxlen)
 	if (*src != '-' && *src != '+')
 		return -1;

-	strtoul(src + 1, &endp, 10);
-	if (errno || endp == src || *endp || (endp - orig_src) >= maxlen)
+	num = strtoul(src + 1, &endp, 10);
+	if (errno || endp == src + 1 || *endp || (endp - orig_src) >= maxlen ||
+	    1400 < num)
 		return -1;

 	strcpy(result, orig_src);