Inicio Explorar Axuda
Rexistro Iniciar sesión
lqb
/
elasticsearch
réplica de https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

Add bounds checking to parsing ISO8601 timezone offset values (#108672)

Simon Cooper hai 1 ano
pai
418b9f4e41
achega
ddf16db4d6
Modificáronse 3 ficheiros con 11 adicións e 3 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 5 0
      docs/changelog/108672.yaml
  2. 3 3
      server/src/main/java/org/elasticsearch/common/time/Iso8601Parser.java
  3. 3 0
      server/src/test/java/org/elasticsearch/common/time/Iso8601ParserTests.java

+ 5 - 0
docs/changelog/108672.yaml
Ver ficheiro 

@@ -0,0 +1,5 @@
 
+pr: 108672
 
+summary: Add bounds checking to parsing ISO8601 timezone offset values
 
+area: Infra/Core
 
+type: bug
 
+issues: []

+ 3 - 3
server/src/main/java/org/elasticsearch/common/time/Iso8601Parser.java
Ver ficheiro 

@@ -427,7 +427,7 @@ class Iso8601Parser {
 
         pos++;  // read the + or -
 
 
         Integer hours = parseInt(str, pos, pos += 2);
 
-        if (hours == null) return null;
 
+        if (hours == null || hours > 23) return null;
 
         if (len == pos) return ofHoursMinutesSeconds(hours, 0, 0, positive);
 
 
         boolean hasColon = false;
 
@@ -437,7 +437,7 @@ class Iso8601Parser {
 
         }
 
 
         Integer minutes = parseInt(str, pos, pos += 2);
 
-        if (minutes == null) return null;
 
+        if (minutes == null || minutes > 59) return null;
 
         if (len == pos) return ofHoursMinutesSeconds(hours, minutes, 0, positive);
 
 
         // either both dividers have a colon, or neither do
 
@@ -447,7 +447,7 @@ class Iso8601Parser {
 
         }
 
 
         Integer seconds = parseInt(str, pos, pos += 2);
 
-        if (seconds == null) return null;
 
+        if (seconds == null || seconds > 59) return null;
 
         if (len == pos) return ofHoursMinutesSeconds(hours, minutes, seconds, positive);
 
 
         // there's some text left over...

+ 3 - 0
server/src/test/java/org/elasticsearch/common/time/Iso8601ParserTests.java
Ver ficheiro 

@@ -70,6 +70,9 @@ public class Iso8601ParserTests extends ESTestCase {
 
         assertThat(defaultParser().tryParse("2023-12-31T23:60", null), hasError(14));
 
         assertThat(defaultParser().tryParse("2023-12-31T23:59:60", null), hasError(17));
 
         assertThat(defaultParser().tryParse("2023-12-31T23:59:59+18:30", null), hasError(19));
 
+        assertThat(defaultParser().tryParse("2023-12-31T23:59:59+24", null), hasError(19));
 
+        assertThat(defaultParser().tryParse("2023-12-31T23:59:59+1060", null), hasError(19));
 
+        assertThat(defaultParser().tryParse("2023-12-31T23:59:59+105960", null), hasError(19));
 
     }
 
 
     public void testMandatoryFields() {