From: "darcy via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: darcy <acednes@gmail.com>, darcy <acednes@gmail.com>
Subject: [PATCH v2] date: detect underflow when parsing dates with positive timezone offset
Date: Sun, 02 Jun 2024 23:06:48 +0000 [thread overview]
Message-ID: <pull.1726.v2.git.git.1717369608923.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.1726.git.git.1716801427015.gitgitgadget@gmail.com>
From: darcy <acednes@gmail.com>
Overriding the date of a commit to be close to "1970-01-01 00:00:00"
with a large enough timezone for the equivelant GMT time to be before
the epoch is considered valid by `parse_date_basic`.
This leads to an integer underflow in the commit timestamp, which is not
caught by `git-commit`, but will cause other services to fail, such as
`git-fsck`, which reports "badDateOverflow: invalid author/committer
line - date causes integer overflow".
Instead check the timezone offset and fail if the resulting time comes
before the epoch, "1970-01-01T00:00:00Z", when parsing.
Signed-off-by: Darcy Burke <acednes@gmail.com>
---
fix: prevent date underflow when using positive timezone offset
cc: Patrick Steinhardt ps@pks.im cc: Phillip Wood
phillip.wood123@gmail.com
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1726%2Fdxrcy%2Fmaster-v2
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1726/dxrcy/master-v2
Pull-Request: https://github.com/git/git/pull/1726
Range-diff vs v1:
1: 4542d984aab ! 1: db508b2f533 fix: prevent date underflow when using positive timezone offset
@@ Metadata
Author: darcy <acednes@gmail.com>
## Commit message ##
- fix: prevent date underflow when using positive timezone offset
+ date: detect underflow when parsing dates with positive timezone offset
- Overriding the date of a commit to be `1970-01-01` with a large enough
- timezone for the equivalent GMT time to before 1970 is no longer
- accepted.
+ Overriding the date of a commit to be close to "1970-01-01 00:00:00"
+ with a large enough timezone for the equivelant GMT time to be before
+ the epoch is considered valid by `parse_date_basic`.
- Example: `GIT_COMMITTER_DATE='1970-01-01T00:00:00+10' git commit` would
- previously be accepted, only to unexpectedly fail in other parts of the
- code, such as `git push`. The timestamp is now checked against postitive
- timezone values.
+ This leads to an integer underflow in the commit timestamp, which is not
+ caught by `git-commit`, but will cause other services to fail, such as
+ `git-fsck`, which reports "badDateOverflow: invalid author/committer
+ line - date causes integer overflow".
- Signed-off-by: darcy <acednes@gmail.com>
+ Instead check the timezone offset and fail if the resulting time comes
+ before the epoch, "1970-01-01T00:00:00Z", when parsing.
+
+ Signed-off-by: Darcy Burke <acednes@gmail.com>
## date.c ##
-@@ date.c: int parse_date_basic(const char *date, timestamp_t *timestamp, int *offset)
- match = match_alpha(date, &tm, offset);
- else if (isdigit(c))
- match = match_digit(date, &tm, offset, &tm_gmt);
-- else if ((c == '-' || c == '+') && isdigit(date[1]))
-+ else if ((c == '-' || c == '+') && isdigit(date[1]) && tm.tm_hour != -1)
- match = match_tz(date, offset);
-
- if (!match) {
@@ date.c: int parse_date_basic(const char *date, timestamp_t *timestamp, int *offset)
}
}
- if (!tm_gmt)
+ if (!tm_gmt) {
-+ if (*offset > 0 && *offset * 60 > *timestamp) {
++ if (*offset > 0 && *offset * 60 > *timestamp)
+ return -1;
-+ }
*timestamp -= *offset * 60;
+ }
+
return 0; /* success */
}
+
+ ## t/t0006-date.sh ##
+@@ t/t0006-date.sh: check_parse '2008-02-14 20:30:45 -:30' '2008-02-14 20:30:45 +0000'
+ check_parse '2008-02-14 20:30:45 -05:00' '2008-02-14 20:30:45 -0500'
+ check_parse '2008-02-14 20:30:45' '2008-02-14 20:30:45 -0500' EST5
+ check_parse 'Thu, 7 Apr 2005 15:14:13 -0700' '2005-04-07 15:14:13 -0700'
++check_parse '1970-01-01 00:00:00' '1970-01-01 00:00:00 +0000'
++check_parse '1970-01-01 00:00:00 +00' '1970-01-01 00:00:00 +0000'
++check_parse '1970-01-01 00:00:00 Z' '1970-01-01 00:00:00 +0000'
++check_parse '1970-01-01 00:00:00 -01' '1970-01-01 00:00:00 -0100'
++check_parse '1970-01-01 00:00:00 +01' bad
++check_parse '1970-01-01 00:00:00 +11' bad
++check_parse '1970-01-01 00:59:59 +01' bad
++check_parse '1970-01-01 01:00:00 +01' '1970-01-01 01:00:00 +0100'
++check_parse '1970-01-01 01:00:00 +11' bad
++check_parse '1970-01-02 00:00:00 +11' '1970-01-02 00:00:00 +1100'
++check_parse '1969-12-31 23:59:59' bad
++check_parse '1969-12-31 23:59:59 +00' bad
++check_parse '1969-12-31 23:59:59 Z' bad
++check_parse '1969-12-31 23:59:59 +11' bad
++check_parse '1969-12-31 23:59:59 -11' bad
+
+ check_approxidate() {
+ echo "$1 -> $2 +0000" >expect
date.c | 6 +++++-
t/t0006-date.sh | 15 +++++++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/date.c b/date.c
index 7365a4ad24f..8e3ec1bcb00 100644
--- a/date.c
+++ b/date.c
@@ -937,8 +937,12 @@ int parse_date_basic(const char *date, timestamp_t *timestamp, int *offset)
}
}
- if (!tm_gmt)
+ if (!tm_gmt) {
+ if (*offset > 0 && *offset * 60 > *timestamp)
+ return -1;
*timestamp -= *offset * 60;
+ }
+
return 0; /* success */
}
diff --git a/t/t0006-date.sh b/t/t0006-date.sh
index 3031256d143..cdbb40bec01 100755
--- a/t/t0006-date.sh
+++ b/t/t0006-date.sh
@@ -116,6 +116,21 @@ check_parse '2008-02-14 20:30:45 -:30' '2008-02-14 20:30:45 +0000'
check_parse '2008-02-14 20:30:45 -05:00' '2008-02-14 20:30:45 -0500'
check_parse '2008-02-14 20:30:45' '2008-02-14 20:30:45 -0500' EST5
check_parse 'Thu, 7 Apr 2005 15:14:13 -0700' '2005-04-07 15:14:13 -0700'
+check_parse '1970-01-01 00:00:00' '1970-01-01 00:00:00 +0000'
+check_parse '1970-01-01 00:00:00 +00' '1970-01-01 00:00:00 +0000'
+check_parse '1970-01-01 00:00:00 Z' '1970-01-01 00:00:00 +0000'
+check_parse '1970-01-01 00:00:00 -01' '1970-01-01 00:00:00 -0100'
+check_parse '1970-01-01 00:00:00 +01' bad
+check_parse '1970-01-01 00:00:00 +11' bad
+check_parse '1970-01-01 00:59:59 +01' bad
+check_parse '1970-01-01 01:00:00 +01' '1970-01-01 01:00:00 +0100'
+check_parse '1970-01-01 01:00:00 +11' bad
+check_parse '1970-01-02 00:00:00 +11' '1970-01-02 00:00:00 +1100'
+check_parse '1969-12-31 23:59:59' bad
+check_parse '1969-12-31 23:59:59 +00' bad
+check_parse '1969-12-31 23:59:59 Z' bad
+check_parse '1969-12-31 23:59:59 +11' bad
+check_parse '1969-12-31 23:59:59 -11' bad
check_approxidate() {
echo "$1 -> $2 +0000" >expect
base-commit: 9eaef5822cd76bbeb53b6479ce0ddaad34ee2b14
--
gitgitgadget
next prev parent reply other threads:[~2024-06-02 23:06 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-27 9:17 [PATCH] fix: prevent date underflow when using positive timezone offset darcy via GitGitGadget
2024-05-28 14:05 ` Patrick Steinhardt
2024-05-28 14:49 ` Phillip Wood
2024-05-28 17:06 ` Junio C Hamano
2024-06-02 23:06 ` darcy via GitGitGadget [this message]
2024-06-03 11:13 ` [PATCH v2] date: detect underflow when parsing dates with " Junio C Hamano
2024-06-03 11:44 ` darcy
2024-06-03 14:13 ` Phillip Wood
2024-06-04 8:48 ` darcy
2024-06-04 9:33 ` Jeff King
2024-06-05 6:52 ` darcy
2024-06-05 13:10 ` Phillip Wood
2024-06-05 17:27 ` Junio C Hamano
2024-06-06 4:56 ` darcy
2024-06-07 0:17 ` [PATCH v3] date: detect underflow/overflow when parsing dates with " darcy via GitGitGadget
2024-06-07 17:40 ` Junio C Hamano
2024-06-08 18:58 ` Junio C Hamano
2024-06-14 1:20 ` Junio C Hamano
2024-06-15 11:47 ` Karthik Nayak
2024-06-11 23:30 ` Junio C Hamano
2024-06-11 23:49 ` rsbecker
2024-06-11 23:52 ` Junio C Hamano
2024-06-25 23:12 ` [PATCH v4 0/2] Darcy's "date underflow fix" topic, final reroll Junio C Hamano
2024-06-25 23:12 ` [PATCH v4 1/2] t0006: simplify prerequisites Junio C Hamano
2024-06-25 23:30 ` Eric Sunshine
2024-06-26 0:04 ` Junio C Hamano
2024-06-25 23:12 ` [PATCH v4 2/2] date: detect underflow/overflow when parsing dates with timezone offset Junio C Hamano
2024-06-26 15:21 ` [PATCH v4 0/2] Darcy's "date underflow fix" topic, final reroll Phillip Wood
2024-06-26 18:32 ` Junio C Hamano
2024-06-12 9:07 ` [PATCH v3] date: detect underflow/overflow when parsing dates with timezone offset Phillip Wood
2024-06-12 9:49 ` Karthik Nayak
2024-06-13 13:31 ` Phillip Wood
2024-06-13 16:16 ` Junio C Hamano
2024-06-14 20:09 ` Karthik Nayak
2024-06-14 21:02 ` Junio C Hamano
2024-06-15 11:49 ` Karthik Nayak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.1726.v2.git.git.1717369608923.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=acednes@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.