ack sent
Forwarded message:
> From gdiener@advtech.uswest.com Mon Oct 9 16:01:22 1995
> Message-Id: <9510092301.AA04093@barclay.advtech.uswest.com>
> Content-Type: text/plain
> Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
> From: grd <gdiener@advtech.uswest.com>
> Date: Mon, 9 Oct 95 17:01:12 -0600
> To: apache-bugs@apache.org
> Subject: bug and fix to: int later_than(struct tm *lms, char *ims)
> Cc: gdiener@advtech.uswest.com
>
>
> I believe that apache 0.8.14, together with all earlier versions (and the original
> ncsa source) all have a bug in the way a string ctime / asctime is parsed.
> In the function: int later_than(struct tm *lms, char *ims)
> (In 0.8.14, in the file http_protocol.c, lines 109:112), you will find:
>
>     if(isalpha(*ip)) {
>         /* ctime */
>         sscanf(ip,"%s %d %d:%d:%d %*s %d",mname,&day,&hour,&min,&sec,&year);
>
> ...the skipped field in the scanf should not be here...there is no code to
> skip over in the format, for example...
> Sun Sep 16 01:03:52 1973\n\0
> %s %d %d:%d:%d %s
> i.e. the code should be:
>     if(isalpha(*ip)) {
>         /* ctime */
>         sscanf(ip,"%s %d %d:%d:%d %d",mname,&day,&hour,&min,&sec,&year);
>
> As is, the code sets the year to garbage.
>
> Since few (if any) web software modules actually use asctime format,
> RFC 1123 being the ``official'' standard, I doubt that the bug ever
> surfaces; indeed, I only found it because I raided the source for a
> different application, then found it didn't work during testing.
> Nevertheless, since the fix is so trivial (delete 4 chars from the
> source), thought I'd pass it on anyway.
>
> -glen diener
> gdiener@uswest.com
>
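Added example (not part of the forwarded message or of the Apache source): the two sscanf formats from the report run side by side, with the return value checked so that an unassigned year is rejected rather than used. It assumes ip already points past the weekday; the struct, the function names, the YEAR_UNSET sentinel and the %3s width bound are choices made for this example.

```c
#include <stdio.h>

#define YEAR_UNSET (-1)  /* sentinel so an unassigned year is visible */

struct parsed {
    int fields;          /* number of conversions sscanf assigned */
    char mname[4];
    int day, hour, min, sec, year;
};

/* Format as quoted in the report: "%*s" swallows the year token, so the
 * final %d hits end of input and year is never assigned. */
struct parsed parse_reported(const char *ip)
{
    struct parsed p = { 0, "", 0, 0, 0, 0, YEAR_UNSET };
    p.fields = sscanf(ip, "%3s %d %d:%d:%d %*s %d",
                      p.mname, &p.day, &p.hour, &p.min, &p.sec, &p.year);
    return p;
}

/* Format proposed in the report, with the "%*s " removed. */
struct parsed parse_fixed(const char *ip)
{
    struct parsed p = { 0, "", 0, 0, 0, 0, YEAR_UNSET };
    p.fields = sscanf(ip, "%3s %d %d:%d:%d %d",
                      p.mname, &p.day, &p.hour, &p.min, &p.sec, &p.year);
    return p;
}

/* Accept a parse only when all six fields converted and are in range. */
int parse_ok(const struct parsed *p)
{
    return p->fields == 6 && p->day >= 1 && p->day <= 31 &&
           p->hour >= 0 && p->hour <= 23 && p->min >= 0 && p->min <= 59 &&
           p->sec >= 0 && p->sec <= 60 && p->year != YEAR_UNSET;
}

int main(void)
{
    /* Constructed input: the asctime text that follows the weekday. */
    const char *ip = "Sep 16 01:03:52 1973\n";
    struct parsed a = parse_reported(ip), b = parse_fixed(ip);
    printf("reported: fields=%d year=%d ok=%d\n", a.fields, a.year, parse_ok(&a));
    printf("fixed:    fields=%d year=%d ok=%d\n", b.fields, b.year, parse_ok(&b));
    return 0;
}
```

The reported format converts only five fields, which a caller that ignores sscanf's return value never notices.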