Thread (7 messages) 7 messages, 4 authors, 2024-06-13
STALE747d

[PATCH] fix: prevent date underflow when using positive timezone offset

From: darcy via GitGitGadget <hidden>
Date: 2024-05-27 09:17:10
Subsystem: the rest · Maintainer: Linus Torvalds

From: darcy <redacted>

Overriding the date of a commit to be `1970-01-01` with a large enough
timezone for the equivalent GMT time to before 1970 is no longer
accepted.

Example: `GIT_COMMITTER_DATE='1970-01-01T00:00:00+10' git commit` would
previously be accepted, only to unexpectedly fail in other parts of the
code, such as `git push`. The timestamp is now checked against postitive
timezone values.

Signed-off-by: darcy <redacted>
---
    fix: prevent date underflow when using positive timezone offset

Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1726%2Fdxrcy%2Fmaster-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1726/dxrcy/master-v1
Pull-Request: https://github.com/git/git/pull/1726

 date.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/date.c b/date.c
index 7365a4ad24f..8388629f267 100644
--- a/date.c
+++ b/date.c
@@ -908,7 +908,7 @@ int parse_date_basic(const char *date, timestamp_t *timestamp, int *offset)
 			match = match_alpha(date, &tm, offset);
 		else if (isdigit(c))
 			match = match_digit(date, &tm, offset, &tm_gmt);
-		else if ((c == '-' || c == '+') && isdigit(date[1]))
+		else if ((c == '-' || c == '+') && isdigit(date[1]) && tm.tm_hour != -1)
 			match = match_tz(date, offset);
 
 		if (!match) {
@@ -937,8 +937,13 @@ int parse_date_basic(const char *date, timestamp_t *timestamp, int *offset)
 		}
 	}
 
-	if (!tm_gmt)
+	if (!tm_gmt) {
+		if (*offset > 0 && *offset * 60 > *timestamp) {
+			return -1;
+		}
 		*timestamp -= *offset * 60;
+	}
+
 	return 0; /* success */
 }
 
base-commit: b9cfe4845cb2562584837bc0101c0ab76490a239
-- 
gitgitgadget
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help