From: Miod Vallat <miod.vallat@powerdns.com>
Date: Thu, 5 Feb 2026 08:21:41 +0000 (+0100)
Subject: Perform stricter validation of timestamps.
X-Git-Tag: rec-5.5.0-alpha0~32^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F16820%2Fhead;p=thirdparty%2Fpdns.git

Perform stricter validation of timestamps.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>
---

diff --git a/pdns/rcpgenerator.cc b/pdns/rcpgenerator.cc
index f3e930b8cd..ecc6c36db0 100644
--- a/pdns/rcpgenerator.cc
+++ b/pdns/rcpgenerator.cc
@@ -124,6 +124,13 @@ void RecordTextReader::xfrTime(uint32_t &val)
     throw RecordTextException("unable to parse '"+std::to_string(itmp)+"' into a valid time at position "+std::to_string(d_pos)+" in '"+d_string+"'");
   }
 
+  // Note tm_mon is still in 1..12 range at this point
+  if (tm.tm_sec < 0 || tm.tm_sec > 60 || tm.tm_min < 0 || tm.tm_min > 59 ||
+      tm.tm_hour < 0 || tm.tm_hour > 23 || tm.tm_mday < 0 || tm.tm_mday > 31 ||
+      tm.tm_mon < 1 || tm.tm_mon > 12) {
+    throw RecordTextException("invalid time specification '"+std::to_string(itmp)+"' at position "+std::to_string(d_pos)+" in '"+d_string+"'");
+  }
+
   tm.tm_year-=1900;
   tm.tm_mon-=1;
   // coverity[store_truncates_time_t]