1 /* ====================================================================
2  * The Apache Software License, Version 1.1
3  *
4  * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
5  * reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  *
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  *
19  * 3. The end-user documentation included with the redistribution,
20  *    if any, must include the following acknowledgment:
21  *       "This product includes software developed by the
22  *        Apache Software Foundation (http://www.apache.org/)."
23  *    Alternately, this acknowledgment may appear in the software itself,
24  *    if and wherever such third-party acknowledgments normally appear.
25  *
26  * 4. The names "Apache" and "Apache Software Foundation" must
27  *    not be used to endorse or promote products derived from this
28  *    software without prior written permission. For written
29  *    permission, please contact apache@apache.org.
30  *
31  * 5. Products derived from this software may not be called "Apache",
32  *    nor may "Apache" appear in their name, without prior written
33  *    permission of the Apache Software Foundation.
34  *
35  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38  * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46  * SUCH DAMAGE.
47  * ====================================================================
48  *
49  * This software consists of voluntary contributions made by many
50  * individuals on behalf of the Apache Software Foundation.  For more
51  * information on the Apache Software Foundation, please see
52  * <http://www.apache.org/>.
53  *
54  * Portions of this software are based upon public domain software
55  * originally written at the National Center for Supercomputing Applications,
56  * University of Illinois, Urbana-Champaign.
57  */
58 
59 /*
60  * util_date.c: date parsing utility routines
61  *     These routines are (hopefully) platform-independent.
62  *
63  * 27 Oct 1996  Roy Fielding
64  *     Extracted (with many modifications) from mod_proxy.c and
65  *     tested with over 50,000 randomly chosen valid date strings
66  *     and several hundred variations of invalid date strings.
67  *
68  */
69 
70 #include "ap_config.h"
71 #include "util_date.h"
72 #include <ctype.h>
73 #include <string.h>
74 
75 /*
76  * Compare a string to a mask
77  * Mask characters (arbitrary maximum is 256 characters, just in case):
78  *   @ - uppercase letter
79  *   $ - lowercase letter
80  *   & - hex digit
81  *   # - digit
82  *   ~ - digit or space
83  *   * - swallow remaining characters
84  *  <x> - exact match for any other character
85  */
ap_checkmask(const char * data,const char * mask)86 API_EXPORT(int) ap_checkmask(const char *data, const char *mask)
87 {
88     int i;
89     char d;
90 
91     for (i = 0; i < 256; i++) {
92 	d = data[i];
93 	switch (mask[i]) {
94 	case '\0':
95 	    return (d == '\0');
96 
97 	case '*':
98 	    return 1;
99 
100 	case '@':
101 	    if (!ap_isupper(d))
102 		return 0;
103 	    break;
104 	case '$':
105 	    if (!ap_islower(d))
106 		return 0;
107 	    break;
108 	case '#':
109 	    if (!isdigit((unsigned char)d))
110 		return 0;
111 	    break;
112 	case '&':
113 	    if (!ap_isxdigit(d))
114 		return 0;
115 	    break;
116 	case '~':
117 	    if ((d != ' ') && !isdigit((unsigned char)d))
118 		return 0;
119 	    break;
120 	default:
121 	    if (mask[i] != d)
122 		return 0;
123 	    break;
124 	}
125     }
126     return 0;			/* We only get here if mask is corrupted (exceeds 256) */
127 }
128 
129 /*
130  * tm2sec converts a GMT tm structure into the number of seconds since
131  * 1st January 1970 UT.  Note that we ignore tm_wday, tm_yday, and tm_dst.
132  *
133  * The return value is always a valid time_t value -- (time_t)0 is returned
134  * if the input date is outside that capable of being represented by time(),
135  * i.e., before Thu, 01 Jan 1970 00:00:00 for all systems and
136  * beyond 2038 for 32bit systems.
137  *
138  * This routine is intended to be very fast, much faster than mktime().
139  */
ap_tm2sec(const struct tm * t)140 API_EXPORT(time_t) ap_tm2sec(const struct tm * t)
141 {
142     int year;
143     time_t days;
144     static const int dayoffset[12] =
145     {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
146 
147     year = t->tm_year;
148 
149     if (year < 70 || ((sizeof(time_t) <= 4) && (year >= 138)))
150 	return BAD_DATE;
151 
152     /* shift new year to 1st March in order to make leap year calc easy */
153 
154     if (t->tm_mon < 2)
155 	year--;
156 
157     /* Find number of days since 1st March 1900 (in the Gregorian calendar). */
158 
159     days = year * 365 + year / 4 - year / 100 + (year / 100 + 3) / 4;
160     days += dayoffset[t->tm_mon] + t->tm_mday - 1;
161     days -= 25508;		/* 1 jan 1970 is 25508 days since 1 mar 1900 */
162 
163     days = ((days * 24 + t->tm_hour) * 60 + t->tm_min) * 60 + t->tm_sec;
164 
165     if (days < 0)
166 	return BAD_DATE;	/* must have overflowed */
167     else
168 	return days;		/* must be a valid time */
169 }
170 
171 /*
172  * Parses an HTTP date in one of three standard forms:
173  *
174  *     Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated by RFC 1123
175  *     Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
176  *     Sun Nov  6 08:49:37 1994       ; ANSI C's asctime() format
177  *
178  * and returns the time_t number of seconds since 1 Jan 1970 GMT, or
179  * 0 if this would be out of range or if the date is invalid.
180  *
181  * The restricted HTTP syntax is
182  *
183  *     HTTP-date    = rfc1123-date | rfc850-date | asctime-date
184  *
185  *     rfc1123-date = wkday "," SP date1 SP time SP "GMT"
186  *     rfc850-date  = weekday "," SP date2 SP time SP "GMT"
187  *     asctime-date = wkday SP date3 SP time SP 4DIGIT
188  *
189  *     date1        = 2DIGIT SP month SP 4DIGIT
190  *                    ; day month year (e.g., 02 Jun 1982)
191  *     date2        = 2DIGIT "-" month "-" 2DIGIT
192  *                    ; day-month-year (e.g., 02-Jun-82)
193  *     date3        = month SP ( 2DIGIT | ( SP 1DIGIT ))
194  *                    ; month day (e.g., Jun  2)
195  *
196  *     time         = 2DIGIT ":" 2DIGIT ":" 2DIGIT
197  *                    ; 00:00:00 - 23:59:59
198  *
199  *     wkday        = "Mon" | "Tue" | "Wed"
200  *                  | "Thu" | "Fri" | "Sat" | "Sun"
201  *
202  *     weekday      = "Monday" | "Tuesday" | "Wednesday"
203  *                  | "Thursday" | "Friday" | "Saturday" | "Sunday"
204  *
205  *     month        = "Jan" | "Feb" | "Mar" | "Apr"
206  *                  | "May" | "Jun" | "Jul" | "Aug"
207  *                  | "Sep" | "Oct" | "Nov" | "Dec"
208  *
209  * However, for the sake of robustness (and Netscapeness), we ignore the
210  * weekday and anything after the time field (including the timezone).
211  *
212  * This routine is intended to be very fast; 10x faster than using sscanf.
213  *
214  * Originally from Andrew Daviel <andrew@vancouver-webpages.com>, 29 Jul 96
215  * but many changes since then.
216  *
217  */
ap_parseHTTPdate(const char * date)218 API_EXPORT(time_t) ap_parseHTTPdate(const char *date)
219 {
220     struct tm ds;
221     int mint, mon;
222     const char *monstr, *timstr;
223     static const int months[12] =
224     {
225 	('J' << 16) | ('a' << 8) | 'n', ('F' << 16) | ('e' << 8) | 'b',
226 	('M' << 16) | ('a' << 8) | 'r', ('A' << 16) | ('p' << 8) | 'r',
227 	('M' << 16) | ('a' << 8) | 'y', ('J' << 16) | ('u' << 8) | 'n',
228 	('J' << 16) | ('u' << 8) | 'l', ('A' << 16) | ('u' << 8) | 'g',
229 	('S' << 16) | ('e' << 8) | 'p', ('O' << 16) | ('c' << 8) | 't',
230 	('N' << 16) | ('o' << 8) | 'v', ('D' << 16) | ('e' << 8) | 'c'};
231 
232     if (!date)
233 	return BAD_DATE;
234 
235     while (ap_isspace(*date))			/* Find first non-whitespace char */
236 	++date;
237 
238     if (*date == '\0')
239 	return BAD_DATE;
240 
241     if ((date = strchr(date, ' ')) == NULL)	/* Find space after weekday */
242 	return BAD_DATE;
243 
244     ++date;			/* Now pointing to first char after space, which should be */
245     /* start of the actual date information for all 3 formats. */
246 
247     if (ap_checkmask(date, "## @$$ #### ##:##:## *")) {	/* RFC 1123 format */
248 	ds.tm_year = ((date[7] - '0') * 10 + (date[8] - '0') - 19) * 100;
249 	if (ds.tm_year < 0)
250 	    return BAD_DATE;
251 
252 	ds.tm_year += ((date[9] - '0') * 10) + (date[10] - '0');
253 
254 	ds.tm_mday = ((date[0] - '0') * 10) + (date[1] - '0');
255 
256 	monstr = date + 3;
257 	timstr = date + 12;
258     }
259     else if (ap_checkmask(date, "##-@$$-## ##:##:## *")) {		/* RFC 850 format  */
260 	ds.tm_year = ((date[7] - '0') * 10) + (date[8] - '0');
261 	if (ds.tm_year < 70)
262 	    ds.tm_year += 100;
263 
264 	ds.tm_mday = ((date[0] - '0') * 10) + (date[1] - '0');
265 
266 	monstr = date + 3;
267 	timstr = date + 10;
268     }
269     else if (ap_checkmask(date, "@$$ ~# ##:##:## ####*")) {	/* asctime format  */
270 	ds.tm_year = ((date[16] - '0') * 10 + (date[17] - '0') - 19) * 100;
271 	if (ds.tm_year < 0)
272 	    return BAD_DATE;
273 
274 	ds.tm_year += ((date[18] - '0') * 10) + (date[19] - '0');
275 
276 	if (date[4] == ' ')
277 	    ds.tm_mday = 0;
278 	else
279 	    ds.tm_mday = (date[4] - '0') * 10;
280 
281 	ds.tm_mday += (date[5] - '0');
282 
283 	monstr = date;
284 	timstr = date + 7;
285     }
286     else
287 	return BAD_DATE;
288 
289     if (ds.tm_mday <= 0 || ds.tm_mday > 31)
290 	return BAD_DATE;
291 
292     ds.tm_hour = ((timstr[0] - '0') * 10) + (timstr[1] - '0');
293     ds.tm_min = ((timstr[3] - '0') * 10) + (timstr[4] - '0');
294     ds.tm_sec = ((timstr[6] - '0') * 10) + (timstr[7] - '0');
295 
296     if ((ds.tm_hour > 23) || (ds.tm_min > 59) || (ds.tm_sec > 61))
297 	return BAD_DATE;
298 
299     mint = (monstr[0] << 16) | (monstr[1] << 8) | monstr[2];
300     for (mon = 0; mon < 12; mon++)
301 	if (mint == months[mon])
302 	    break;
303     if (mon == 12)
304 	return BAD_DATE;
305 
306     if ((ds.tm_mday == 31) && (mon == 3 || mon == 5 || mon == 8 || mon == 10))
307 	return BAD_DATE;
308 
309     /* February gets special check for leapyear */
310 
311     if ((mon == 1) &&
312 	((ds.tm_mday > 29)
313 	 || ((ds.tm_mday == 29)
314 	     && ((ds.tm_year & 3)
315 		 || (((ds.tm_year % 100) == 0)
316 		     && (((ds.tm_year % 400) != 100)))))))
317 	return BAD_DATE;
318 
319     ds.tm_mon = mon;
320 
321     return ap_tm2sec(&ds);
322 }
323