From 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Mon Sep 17 00:00:00 2001
From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Wed, 25 Oct 2023 19:41:45 +0000
Subject: [PATCH] RFC 1123: Fix date parsing (#1538)

The bug was discovered and detailed by Joshua Rogers at
https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
Handling".

Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b]
CVE: CVE-2023-49285
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 lib/rfc1123.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/rfc1123.c b/lib/rfc1123.c
index e5bf9a4d705..cb484cc002b 100644
--- a/lib/rfc1123.c
+++ b/lib/rfc1123.c
@@ -50,7 +50,13 @@ make_month(const char *s)
     char month[3];
 
     month[0] = xtoupper(*s);
+    if (!month[0])
+        return -1; // protects *(s + 1) below
+
     month[1] = xtolower(*(s + 1));
+    if (!month[1])
+        return -1; // protects *(s + 2) below
+
     month[2] = xtolower(*(s + 2));
 
     for (i = 0; i < 12; i++)