cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-library Mailing List Archives

Bug#551461: curl_getdate(3) fails to parse some valid RFC 822 dates (fwd)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 18 Oct 2009 14:32:42 +0200 (CEST)

FYI

-- 
  / daniel.haxx.se
---------- Forwarded message ----------
Date: Sun, 18 Oct 2009 13:38:00
From: "J.H.M. Dassen (Ray)" <jdassen_at_debian.org>
To: Debian Bug Tracking System <submit_at_bugs.debian.org>
Subject: Bug#551461: curl_getdate(3) fails to parse some valid RFC 822 dates
Resent-Date: Sun, 18 Oct 2009 12:24:06 +0000
Resent-Date: Sun, 18 Oct 2009 12:24:09 +0000
Resent-From: "J.H.M. Dassen (Ray)" <jdassen_at_debian.org>
Resent-To: debian-bugs-dist_at_lists.debian.org
Resent-cc: Domenico Andreoli <cavok_at_debian.org>
Package: libcurl3-gnutls
Version: 7.19.5-1.1
Severity: normal
Tags: patch upstream
According to curl_getdate(3), its "parser was written to handle date formats
specified in RFC 822 (including the update in RFC 1123) using time zone name
or time zone delta and RFC 850 (obsoleted by RFC 1036) and ANSI C's
asctime() format."
RFC 822's date format allows for the use of single letter military
timezones; see
 	http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html
For example, "Sat, 17 Oct 2009 20:00:00 Z" is a valid date string according
to RFC822, and such date strings are seen in the wild (see bug #37491), but
are not parsed by curl_getdate(3). The patch below (which I have tested
against libcurl CVS HEAD) fixes this.
Kind regards,
Ray
diff -ru ../curl-cvs/lib/parsedate.c ./lib/parsedate.c
--- ../curl-cvs/lib/parsedate.c	2009-09-03 10:30:28.000000000 +0200
+++ ./lib/parsedate.c	2009-10-18 12:47:45.000000000 +0200
@@ -147,6 +147,36 @@
    {"NZST", -720},          /* New Zealand Standard */
    {"NZDT", -720 tDAYZONE}, /* New Zealand Daylight */
    {"IDLE", -720},          /* International Date Line East */
+  /* Next up: Military timezone names. RFC822 allowed these, but (as noted in
+     RFC 1123) had their signs wrong. Here we use the correct signs to match
+     actual military usage.
+   */
+  {"A",  +1 * 60},         /* Alpha */
+  {"B",  +2 * 60},         /* Bravo */
+  {"C",  +3 * 60},         /* Charlie */
+  {"D",  +4 * 60},         /* Delta */
+  {"E",  +5 * 60},         /* Echo */
+  {"F",  +6 * 60},         /* Foxtrot */
+  {"G",  +7 * 60},         /* Golf */
+  {"H",  +8 * 60},         /* Hotel */
+  {"I",  +9 * 60},         /* India */
+  /* "J", Juliet is not used as a timezone, to indicate the observer's local time */
+  {"K", +10 * 60},         /* Kilo */
+  {"L", +11 * 60},         /* Lima */
+  {"M", +12 * 60},         /* Mike */
+  {"N",  -1 * 60},         /* November */
+  {"O",  -2 * 60},         /* Oscar */
+  {"P",  -3 * 60},         /* Papa */
+  {"Q",  -4 * 60},         /* Quebec */
+  {"R",  -5 * 60},         /* Romeo */
+  {"S",  -6 * 60},         /* Sierra */
+  {"T",  -7 * 60},         /* Tango */
+  {"U",  -8 * 60},         /* Uniform */
+  {"V",  -9 * 60},         /* Victor */
+  {"W", -10 * 60},         /* Whiskey */
+  {"X", -11 * 60},         /* X-ray */
+  {"Y", -12 * 60},         /* Yankee */
+  {"Z", 0},                /* Zulu, zero meridian, a.k.a. UTC */
  };
  /* returns:
-- System Information:
Debian Release: squeeze/sid
   APT prefers unstable
   APT policy: (990, 'unstable'), (500, 'testing-proposed-updates'), (500, 'oldstable'), (500, 'stable'), (400, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.31.4 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libcurl3-gnutls depends on:
ii  ca-certificates        20090814          Common CA certificates
ii  libc6                  2.9-27            GNU C Library: Shared libraries
ii  libgcrypt11            1.4.4-4           LGPL Crypto library - runtime libr
ii  libgnutls26            2.8.4-1           the GNU TLS library - runtime libr
ii  libgssapi-krb5-2       1.7dfsg~beta3-1   MIT Kerberos runtime libraries - k
ii  libidn11               1.15-2            GNU Libidn library, implementation
ii  libldap-2.4-2          2.4.17-2          OpenLDAP libraries
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime
libcurl3-gnutls recommends no packages.
libcurl3-gnutls suggests no packages.
-- no debconf information
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2009-10-18

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET