Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Non-digits in time zone offset #694

Closed
moorereason opened this issue Dec 1, 2021 · 2 comments
Closed

Non-digits in time zone offset #694

moorereason opened this issue Dec 1, 2021 · 2 comments
Labels
bug Issues describing a bug in go-toml. v2 Issues impacting the v2 major version.

Comments

@moorereason
Copy link
Contributor

Describe the bug
Time zone offset parser doesn't ensure only digits are used.

To Reproduce
With gotoml-test-decoder:

$ echo "0=0000-01-01 00:00:00+00:0Z" | gotoml-test-decoder
{
  "0": {
    "type": "datetime",
    "value": "0000-01-01T00:00:00+00:42"
  }
}

Test cases:

diff --git a/unmarshaler_test.go b/unmarshaler_test.go
index c29f9ac..d6bd268 100644
--- a/unmarshaler_test.go
+++ b/unmarshaler_test.go
@@ -2632,6 +2632,14 @@ world'`,
                        desc: `invalid number of seconds digits with trailing digit`,
                        data: `a=0000-01-01 00:00:000000Z3`,
                },
+               {
+                       desc: `invalid character in zone offset hours`,
+                       data: `a=0000-01-01 00:00:00+0Z:00`,
+               },
+               {
+                       desc: `invalid character in zone offset minutes`,
+                       data: `a=0000-01-01 00:00:00+00:0Z`,
+               },
                {
                        desc: `invalid number of seconds`,
                        data: `a=0000-01-01 00:00:00+27000`,

Expected behavior
Expected to receive an error.

Versions

  • go-toml: c862c34
  • go version go1.17.3 linux/amd64

Additional context
Found while doing differential fuzzing against toml-dart.

pelletier added a commit that referenced this issue Dec 2, 2021
@pelletier pelletier added the bug Issues describing a bug in go-toml. label Dec 2, 2021
@pelletier
Copy link
Owner

Thought I had completely removed that function that doesn't check errors when parsing digits 😅

@pelletier pelletier added the v2 Issues impacting the v2 major version. label Dec 2, 2021
@pelletier
Copy link
Owner

Fixed in 9bf9be6. The offending function is no more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Issues describing a bug in go-toml. v2 Issues impacting the v2 major version.
Projects
None yet
Development

No branches or pull requests

2 participants