Bug#291572: libc: strptime fails to check legal value range for seconds

To: submit@bugs.debian.org
Subject: Bug#291572: libc: strptime fails to check legal value range for seconds
From: Thomas Finneid <tfinneid@ifi.uio.no>
Date: Fri, 21 Jan 2005 17:15:45 +0100
Message-id: <[🔎] 1106324145.15233.182.camel@pluto>
Reply-to: Thomas Finneid <tfinneid@ifi.uio.no>, 291572@bugs.debian.org

Package: libc6
Version: 2.3.2.ds1-20

The following format specifier fails to validate the seconds argument
valid value ranges, 0-59. All other values are validated as legal.

    "%Y-%m-%d %H:%M:%S"

when using a date string of format:

    "2004-12-31 23:59:00"

with value for seconds:

    "2004-12-31 23:59:79"

example:


struct tm time_data;

if( NULL == ((char *)strptime(date, "%Y-%m-%d %H:%M:%S", &time_data)) )
{
	return(DATA_FORMAT_ERROR);
}



System: 
Debian Sarge
Linux X 2.6.3 #7 SMP Tue Mar 9 17:24:55 CET 2004 i686 GNU/Linux
compiler: gcc version 3.3.5 (Debian 1:3.3.5-5)
libraries:
                      libc5          5.4.46-15
                      libc6          2.3.2.ds1-20
                      binutils       2.15-5 


I have not reported this bug to glibc.


--

thomas

Reply to:

Follow-Ups:
- Bug#291572: marked as done (libc: strptime fails to check legal value range for seconds)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#91935: libc6: iconv breaks on illegal input sequence
Next by Date: Bug#291609: libc6: Missing funcions in libresolv
Previous by thread: Bug#279294: SSE FP Exception
Next by thread: Bug#291572: marked as done (libc: strptime fails to check legal value range for seconds)
Index(es):
- Date
- Thread