1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 /*
23   A brief summary of the date string formats this parser groks:
24 
25   RFC 2616 3.3.1
26 
27   Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated by RFC 1123
28   Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
29   Sun Nov  6 08:49:37 1994       ; ANSI C's asctime() format
30 
31   we support dates without week day name:
32 
33   06 Nov 1994 08:49:37 GMT
34   06-Nov-94 08:49:37 GMT
35   Nov  6 08:49:37 1994
36 
37   without the time zone:
38 
39   06 Nov 1994 08:49:37
40   06-Nov-94 08:49:37
41 
42   weird order:
43 
44   1994 Nov 6 08:49:37  (GNU date fails)
45   GMT 08:49:37 06-Nov-94 Sunday
46   94 6 Nov 08:49:37    (GNU date fails)
47 
48   time left out:
49 
50   1994 Nov 6
51   06-Nov-94
52   Sun Nov 6 94
53 
54   unusual separators:
55 
56   1994.Nov.6
57   Sun/Nov/6/94/GMT
58 
59   commonly used time zone names:
60 
61   Sun, 06 Nov 1994 08:49:37 CET
62   06 Nov 1994 08:49:37 EST
63 
64   time zones specified using RFC822 style:
65 
66   Sun, 12 Sep 2004 15:05:58 -0700
67   Sat, 11 Sep 2004 21:32:11 +0200
68 
69   compact numerical date strings:
70 
71   20040912 15:05:58 -0700
72   20040911 +0200
73 
74 */
75 
76 #include "curl_setup.h"
77 
78 #include <limits.h>
79 
80 #include <curl/curl.h>
81 #include "strcase.h"
82 #include "warnless.h"
83 #include "parsedate.h"
84 
85 const char * const Curl_wkday[] =
86 {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"};
87 static const char * const weekday[] =
88 { "Monday", "Tuesday", "Wednesday", "Thursday",
89   "Friday", "Saturday", "Sunday" };
90 const char * const Curl_month[]=
91 { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
92   "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
93 
94 struct tzinfo {
95   char name[5];
96   int offset; /* +/- in minutes */
97 };
98 
99 /*
100  * parsedate()
101  *
102  * Returns:
103  *
104  * PARSEDATE_OK     - a fine conversion
105  * PARSEDATE_FAIL   - failed to convert
106  * PARSEDATE_LATER  - time overflow at the far end of time_t
107  * PARSEDATE_SOONER - time underflow at the low end of time_t
108  */
109 
110 static int parsedate(const char *date, time_t *output);
111 
112 #define PARSEDATE_OK     0
113 #define PARSEDATE_FAIL   -1
114 #define PARSEDATE_LATER  1
115 #define PARSEDATE_SOONER 2
116 
117 /* Here's a bunch of frequently used time zone names. These were supported
118    by the old getdate parser. */
119 #define tDAYZONE -60       /* offset for daylight savings time */
120 static const struct tzinfo tz[]= {
121   {"GMT", 0},              /* Greenwich Mean */
122   {"UT",  0},              /* Universal Time */
123   {"UTC", 0},              /* Universal (Coordinated) */
124   {"WET", 0},              /* Western European */
125   {"BST", 0 tDAYZONE},     /* British Summer */
126   {"WAT", 60},             /* West Africa */
127   {"AST", 240},            /* Atlantic Standard */
128   {"ADT", 240 tDAYZONE},   /* Atlantic Daylight */
129   {"EST", 300},            /* Eastern Standard */
130   {"EDT", 300 tDAYZONE},   /* Eastern Daylight */
131   {"CST", 360},            /* Central Standard */
132   {"CDT", 360 tDAYZONE},   /* Central Daylight */
133   {"MST", 420},            /* Mountain Standard */
134   {"MDT", 420 tDAYZONE},   /* Mountain Daylight */
135   {"PST", 480},            /* Pacific Standard */
136   {"PDT", 480 tDAYZONE},   /* Pacific Daylight */
137   {"YST", 540},            /* Yukon Standard */
138   {"YDT", 540 tDAYZONE},   /* Yukon Daylight */
139   {"HST", 600},            /* Hawaii Standard */
140   {"HDT", 600 tDAYZONE},   /* Hawaii Daylight */
141   {"CAT", 600},            /* Central Alaska */
142   {"AHST", 600},           /* Alaska-Hawaii Standard */
143   {"NT",  660},            /* Nome */
144   {"IDLW", 720},           /* International Date Line West */
145   {"CET", -60},            /* Central European */
146   {"MET", -60},            /* Middle European */
147   {"MEWT", -60},           /* Middle European Winter */
148   {"MEST", -60 tDAYZONE},  /* Middle European Summer */
149   {"CEST", -60 tDAYZONE},  /* Central European Summer */
150   {"MESZ", -60 tDAYZONE},  /* Middle European Summer */
151   {"FWT", -60},            /* French Winter */
152   {"FST", -60 tDAYZONE},   /* French Summer */
153   {"EET", -120},           /* Eastern Europe, USSR Zone 1 */
154   {"WAST", -420},          /* West Australian Standard */
155   {"WADT", -420 tDAYZONE}, /* West Australian Daylight */
156   {"CCT", -480},           /* China Coast, USSR Zone 7 */
157   {"JST", -540},           /* Japan Standard, USSR Zone 8 */
158   {"EAST", -600},          /* Eastern Australian Standard */
159   {"EADT", -600 tDAYZONE}, /* Eastern Australian Daylight */
160   {"GST", -600},           /* Guam Standard, USSR Zone 9 */
161   {"NZT", -720},           /* New Zealand */
162   {"NZST", -720},          /* New Zealand Standard */
163   {"NZDT", -720 tDAYZONE}, /* New Zealand Daylight */
164   {"IDLE", -720},          /* International Date Line East */
165   /* Next up: Military timezone names. RFC822 allowed these, but (as noted in
166      RFC 1123) had their signs wrong. Here we use the correct signs to match
167      actual military usage.
168    */
169   {"A",  1 * 60},         /* Alpha */
170   {"B",  2 * 60},         /* Bravo */
171   {"C",  3 * 60},         /* Charlie */
172   {"D",  4 * 60},         /* Delta */
173   {"E",  5 * 60},         /* Echo */
174   {"F",  6 * 60},         /* Foxtrot */
175   {"G",  7 * 60},         /* Golf */
176   {"H",  8 * 60},         /* Hotel */
177   {"I",  9 * 60},         /* India */
178   /* "J", Juliet is not used as a timezone, to indicate the observer's local
179      time */
180   {"K", 10 * 60},         /* Kilo */
181   {"L", 11 * 60},         /* Lima */
182   {"M", 12 * 60},         /* Mike */
183   {"N",  -1 * 60},         /* November */
184   {"O",  -2 * 60},         /* Oscar */
185   {"P",  -3 * 60},         /* Papa */
186   {"Q",  -4 * 60},         /* Quebec */
187   {"R",  -5 * 60},         /* Romeo */
188   {"S",  -6 * 60},         /* Sierra */
189   {"T",  -7 * 60},         /* Tango */
190   {"U",  -8 * 60},         /* Uniform */
191   {"V",  -9 * 60},         /* Victor */
192   {"W", -10 * 60},         /* Whiskey */
193   {"X", -11 * 60},         /* X-ray */
194   {"Y", -12 * 60},         /* Yankee */
195   {"Z", 0},                /* Zulu, zero meridian, a.k.a. UTC */
196 };
197 
198 /* returns:
199    -1 no day
200    0 monday - 6 sunday
201 */
202 
checkday(const char * check,size_t len)203 static int checkday(const char *check, size_t len)
204 {
205   int i;
206   const char * const *what;
207   bool found = FALSE;
208   if(len > 3)
209     what = &weekday[0];
210   else
211     what = &Curl_wkday[0];
212   for(i = 0; i<7; i++) {
213     if(strcasecompare(check, what[0])) {
214       found = TRUE;
215       break;
216     }
217     what++;
218   }
219   return found?i:-1;
220 }
221 
checkmonth(const char * check)222 static int checkmonth(const char *check)
223 {
224   int i;
225   const char * const *what;
226   bool found = FALSE;
227 
228   what = &Curl_month[0];
229   for(i = 0; i<12; i++) {
230     if(strcasecompare(check, what[0])) {
231       found = TRUE;
232       break;
233     }
234     what++;
235   }
236   return found?i:-1; /* return the offset or -1, no real offset is -1 */
237 }
238 
239 /* return the time zone offset between GMT and the input one, in number
240    of seconds or -1 if the timezone wasn't found/legal */
241 
checktz(const char * check)242 static int checktz(const char *check)
243 {
244   unsigned int i;
245   const struct tzinfo *what;
246   bool found = FALSE;
247 
248   what = tz;
249   for(i = 0; i< sizeof(tz)/sizeof(tz[0]); i++) {
250     if(strcasecompare(check, what->name)) {
251       found = TRUE;
252       break;
253     }
254     what++;
255   }
256   return found?what->offset*60:-1;
257 }
258 
skip(const char ** date)259 static void skip(const char **date)
260 {
261   /* skip everything that aren't letters or digits */
262   while(**date && !ISALNUM(**date))
263     (*date)++;
264 }
265 
266 enum assume {
267   DATE_MDAY,
268   DATE_YEAR,
269   DATE_TIME
270 };
271 
272 /* this is a clone of 'struct tm' but with all fields we don't need or use
273    cut out */
274 struct my_tm {
275   int tm_sec;
276   int tm_min;
277   int tm_hour;
278   int tm_mday;
279   int tm_mon;
280   int tm_year; /* full year */
281 };
282 
283 /* struct tm to time since epoch in GMT time zone.
284  * This is similar to the standard mktime function but for GMT only, and
285  * doesn't suffer from the various bugs and portability problems that
286  * some systems' implementations have.
287  *
288  * Returns 0 on success, otherwise non-zero.
289  */
my_timegm(struct my_tm * tm,time_t * t)290 static void my_timegm(struct my_tm *tm, time_t *t)
291 {
292   static const int month_days_cumulative [12] =
293     { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
294   int month, year, leap_days;
295 
296   year = tm->tm_year;
297   month = tm->tm_mon;
298   if(month < 0) {
299     year += (11 - month) / 12;
300     month = 11 - (11 - month) % 12;
301   }
302   else if(month >= 12) {
303     year -= month / 12;
304     month = month % 12;
305   }
306 
307   leap_days = year - (tm->tm_mon <= 1);
308   leap_days = ((leap_days / 4) - (leap_days / 100) + (leap_days / 400)
309                - (1969 / 4) + (1969 / 100) - (1969 / 400));
310 
311   *t = ((((time_t) (year - 1970) * 365
312           + leap_days + month_days_cumulative[month] + tm->tm_mday - 1) * 24
313          + tm->tm_hour) * 60 + tm->tm_min) * 60 + tm->tm_sec;
314 }
315 
316 /*
317  * parsedate()
318  *
319  * Returns:
320  *
321  * PARSEDATE_OK     - a fine conversion
322  * PARSEDATE_FAIL   - failed to convert
323  * PARSEDATE_LATER  - time overflow at the far end of time_t
324  * PARSEDATE_SOONER - time underflow at the low end of time_t
325  */
326 
parsedate(const char * date,time_t * output)327 static int parsedate(const char *date, time_t *output)
328 {
329   time_t t = 0;
330   int wdaynum = -1;  /* day of the week number, 0-6 (mon-sun) */
331   int monnum = -1;   /* month of the year number, 0-11 */
332   int mdaynum = -1; /* day of month, 1 - 31 */
333   int hournum = -1;
334   int minnum = -1;
335   int secnum = -1;
336   int yearnum = -1;
337   int tzoff = -1;
338   struct my_tm tm;
339   enum assume dignext = DATE_MDAY;
340   const char *indate = date; /* save the original pointer */
341   int part = 0; /* max 6 parts */
342 
343   while(*date && (part < 6)) {
344     bool found = FALSE;
345 
346     skip(&date);
347 
348     if(ISALPHA(*date)) {
349       /* a name coming up */
350       char buf[32]="";
351       size_t len;
352       if(sscanf(date, "%31[ABCDEFGHIJKLMNOPQRSTUVWXYZ"
353                           "abcdefghijklmnopqrstuvwxyz]", buf))
354         len = strlen(buf);
355       else
356         len = 0;
357 
358       if(wdaynum == -1) {
359         wdaynum = checkday(buf, len);
360         if(wdaynum != -1)
361           found = TRUE;
362       }
363       if(!found && (monnum == -1)) {
364         monnum = checkmonth(buf);
365         if(monnum != -1)
366           found = TRUE;
367       }
368 
369       if(!found && (tzoff == -1)) {
370         /* this just must be a time zone string */
371         tzoff = checktz(buf);
372         if(tzoff != -1)
373           found = TRUE;
374       }
375 
376       if(!found)
377         return PARSEDATE_FAIL; /* bad string */
378 
379       date += len;
380     }
381     else if(ISDIGIT(*date)) {
382       /* a digit */
383       int val;
384       char *end;
385       int len = 0;
386       if((secnum == -1) &&
387          (3 == sscanf(date, "%02d:%02d:%02d%n",
388                       &hournum, &minnum, &secnum, &len))) {
389         /* time stamp! */
390         date += len;
391       }
392       else if((secnum == -1) &&
393               (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
394         /* time stamp without seconds */
395         date += len;
396         secnum = 0;
397       }
398       else {
399         long lval;
400         int error;
401         int old_errno;
402 
403         old_errno = errno;
404         errno = 0;
405         lval = strtol(date, &end, 10);
406         error = errno;
407         if(errno != old_errno)
408           errno = old_errno;
409 
410         if(error)
411           return PARSEDATE_FAIL;
412 
413 #if LONG_MAX != INT_MAX
414         if((lval > (long)INT_MAX) || (lval < (long)INT_MIN))
415           return PARSEDATE_FAIL;
416 #endif
417 
418         val = curlx_sltosi(lval);
419 
420         if((tzoff == -1) &&
421            ((end - date) == 4) &&
422            (val <= 1400) &&
423            (indate< date) &&
424            ((date[-1] == '+' || date[-1] == '-'))) {
425           /* four digits and a value less than or equal to 1400 (to take into
426              account all sorts of funny time zone diffs) and it is preceded
427              with a plus or minus. This is a time zone indication.  1400 is
428              picked since +1300 is frequently used and +1400 is mentioned as
429              an edge number in the document "ISO C 200X Proposal: Timezone
430              Functions" at http://david.tribble.com/text/c0xtimezone.html If
431              anyone has a more authoritative source for the exact maximum time
432              zone offsets, please speak up! */
433           found = TRUE;
434           tzoff = (val/100 * 60 + val%100)*60;
435 
436           /* the + and - prefix indicates the local time compared to GMT,
437              this we need their reversed math to get what we want */
438           tzoff = date[-1]=='+'?-tzoff:tzoff;
439         }
440 
441         if(((end - date) == 8) &&
442            (yearnum == -1) &&
443            (monnum == -1) &&
444            (mdaynum == -1)) {
445           /* 8 digits, no year, month or day yet. This is YYYYMMDD */
446           found = TRUE;
447           yearnum = val/10000;
448           monnum = (val%10000)/100-1; /* month is 0 - 11 */
449           mdaynum = val%100;
450         }
451 
452         if(!found && (dignext == DATE_MDAY) && (mdaynum == -1)) {
453           if((val > 0) && (val<32)) {
454             mdaynum = val;
455             found = TRUE;
456           }
457           dignext = DATE_YEAR;
458         }
459 
460         if(!found && (dignext == DATE_YEAR) && (yearnum == -1)) {
461           yearnum = val;
462           found = TRUE;
463           if(yearnum < 100) {
464             if(yearnum > 70)
465               yearnum += 1900;
466             else
467               yearnum += 2000;
468           }
469           if(mdaynum == -1)
470             dignext = DATE_MDAY;
471         }
472 
473         if(!found)
474           return PARSEDATE_FAIL;
475 
476         date = end;
477       }
478     }
479 
480     part++;
481   }
482 
483   if(-1 == secnum)
484     secnum = minnum = hournum = 0; /* no time, make it zero */
485 
486   if((-1 == mdaynum) ||
487      (-1 == monnum) ||
488      (-1 == yearnum))
489     /* lacks vital info, fail */
490     return PARSEDATE_FAIL;
491 
492 #ifdef HAVE_TIME_T_UNSIGNED
493   if(yearnum < 1970) {
494     /* only positive numbers cannot return earlier */
495     *output = TIME_T_MIN;
496     return PARSEDATE_SOONER;
497   }
498 #endif
499 
500 #if (SIZEOF_TIME_T < 5)
501 
502 #ifdef HAVE_TIME_T_UNSIGNED
503   /* an unsigned 32 bit time_t can only hold dates to 2106 */
504   if(yearnum > 2105) {
505     *output = TIME_T_MAX;
506     return PARSEDATE_LATER;
507   }
508 #else
509   /* a signed 32 bit time_t can only hold dates to the beginning of 2038 */
510   if(yearnum > 2037) {
511     *output = TIME_T_MAX;
512     return PARSEDATE_LATER;
513   }
514   if(yearnum < 1903) {
515     *output = TIME_T_MIN;
516     return PARSEDATE_SOONER;
517   }
518 #endif
519 
520 #else
521   /* The Gregorian calendar was introduced 1582 */
522   if(yearnum < 1583)
523     return PARSEDATE_FAIL;
524 #endif
525 
526   if((mdaynum > 31) || (monnum > 11) ||
527      (hournum > 23) || (minnum > 59) || (secnum > 60))
528     return PARSEDATE_FAIL; /* clearly an illegal date */
529 
530   tm.tm_sec = secnum;
531   tm.tm_min = minnum;
532   tm.tm_hour = hournum;
533   tm.tm_mday = mdaynum;
534   tm.tm_mon = monnum;
535   tm.tm_year = yearnum;
536 
537   /* my_timegm() returns a time_t. time_t is often 32 bits, sometimes even on
538      architectures that feature 64 bit 'long' but ultimately time_t is the
539      correct data type to use.
540   */
541   my_timegm(&tm, &t);
542 
543   /* Add the time zone diff between local time zone and GMT. */
544   if(tzoff == -1)
545     tzoff = 0;
546 
547   if((tzoff > 0) && (t > TIME_T_MAX - tzoff)) {
548     *output = TIME_T_MAX;
549     return PARSEDATE_LATER; /* time_t overflow */
550   }
551 
552   t += tzoff;
553 
554   *output = t;
555 
556   return PARSEDATE_OK;
557 }
558 
curl_getdate(const char * p,const time_t * now)559 time_t curl_getdate(const char *p, const time_t *now)
560 {
561   time_t parsed = -1;
562   int rc = parsedate(p, &parsed);
563   (void)now; /* legacy argument from the past that we ignore */
564 
565   if(rc == PARSEDATE_OK) {
566     if(parsed == -1)
567       /* avoid returning -1 for a working scenario */
568       parsed++;
569     return parsed;
570   }
571   /* everything else is fail */
572   return -1;
573 }
574 
575 /*
576  * Curl_gmtime() is a gmtime() replacement for portability. Do not use the
577  * gmtime_r() or gmtime() functions anywhere else but here.
578  *
579  */
580 
Curl_gmtime(time_t intime,struct tm * store)581 CURLcode Curl_gmtime(time_t intime, struct tm *store)
582 {
583   const struct tm *tm;
584 #ifdef HAVE_GMTIME_R
585   /* thread-safe version */
586   tm = (struct tm *)gmtime_r(&intime, store);
587 #else
588   tm = gmtime(&intime);
589   if(tm)
590     *store = *tm; /* copy the pointed struct to the local copy */
591 #endif
592 
593   if(!tm)
594     return CURLE_BAD_FUNCTION_ARGUMENT;
595   return CURLE_OK;
596 }
597