From 9febc2b238e1e322dce1f94ecbed46d595893b52 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 28 May 2016 11:03:35 +0200 Subject: accept only the expected UTC timezones in date parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit HTTP/1.1 hardcodes GMT (RFC 7231 §7.1.1.1) and what is good enough for the internet must be good enough for us™ as we reuse the implementation internally to parse (most) dates we encounter in various places like the Release files with their Date and Valid-Until header fields. Implementing a fully timezone aware parser just feels too hard for no effective benefit as it would take 5+ years (= until LTS's are out of fashion) until a repository could use non-UTC dates and expect it to work. Not counting non-apt implementations which might or might not only want to encounter UTC here as well. As a bonus, this eliminates the use of an instance of setlocale in libapt. Closes: 819697 --- apt-pkg/contrib/strutl.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'apt-pkg/contrib/strutl.h') diff --git a/apt-pkg/contrib/strutl.h b/apt-pkg/contrib/strutl.h index ef1172678..a32aaf06d 100644 --- a/apt-pkg/contrib/strutl.h +++ b/apt-pkg/contrib/strutl.h @@ -67,6 +67,21 @@ std::string Base64Encode(const std::string &Str); std::string OutputInDepth(const unsigned long Depth, const char* Separator=" "); std::string URItoFileName(const std::string &URI); std::string TimeRFC1123(time_t Date); +/** parses time as needed by HTTP/1.1 and Debian files. + * + * HTTP/1.1 prefers dates in RFC1123 format (but the other two obsolete date formats + * are supported to) and e.g. Release files use the same format in Date & Valid-Until + * fields. + * + * Note: datetime strings need to be in UTC timezones (GMT, UTC, Z, +/-0000) to be + * parsed. Other timezones will be rejected as invalid. Previous implementations + * accepted other timezones, but treated them as UTC. + * + * @param str is the datetime string to parse + * @param[out] time will be the seconds since epoch of the given datetime if + * parsing is successful, undefined otherwise. + * @return \b true if parsing was successful, otherwise \b false. + */ bool RFC1123StrToTime(const char* const str,time_t &time) APT_MUSTCHECK; bool FTPMDTMStrToTime(const char* const str,time_t &time) APT_MUSTCHECK; APT_DEPRECATED_MSG("Use RFC1123StrToTime or FTPMDTMStrToTime as needed instead") bool StrToTime(const std::string &Val,time_t &Result); -- cgit v1.2.3