RFC 1123: Fix date parsing (#1538)

The bug was discovered and detailed by Joshua Rogers at
https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
Handling".

diff --git a/src/time/rfc1123.cc b/src/time/rfc1123.cc
index d89d22262f6f25e1e7e793cc11ee0012ee5d7c67..7524959edb0be7b16c331f7c1f3b07bdedeb14b3 100644 (file)
--- a/src/time/rfc1123.cc
+++ b/src/time/rfc1123.cc
@@ -50,7 +50,13 @@ make_month(const char *s)
     char month[3];
 
     month[0] = xtoupper(*s);
+    if (!month[0])
+        return -1; // protects *(s + 1) below
+
     month[1] = xtolower(*(s + 1));
+    if (!month[1])
+        return -1; // protects *(s + 2) below
+
     month[2] = xtolower(*(s + 2));
 
     for (i = 0; i < 12; i++)