From 05f67f2fafa73908e9463220d74eb76afb17c613 Mon Sep 17 00:00:00 2001
From: Jean-Francois Dockes <jfd@recoll.org>
Date: Mon, 13 Sep 2010 13:57:20 +0200
Subject: [PATCH] a bit more checking on input for date: searches

---
 src/utils/smallut.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/utils/smallut.cpp b/src/utils/smallut.cpp
index 771f4da8..8fc3d046 100644
--- a/src/utils/smallut.cpp
+++ b/src/utils/smallut.cpp
@@ -717,6 +717,10 @@ static bool parsedate(vector<string>::const_iterator& it,
               vector<string>::const_iterator end, DateInterval *dip)
 {
     dip->y1 = dip->m1 = dip->d1 = dip->y2 = dip->m2 = dip->d2 = 0;
+    if (it->length() > 4 || !it->length() || 
+        it->find_first_not_of("0123456789") != string::npos) {
+        return false;
+    }
     if (it == end || sscanf(it++->c_str(), "%d", &dip->y1) != 1) {
         return false;
     }
@@ -726,6 +730,10 @@ static bool parsedate(vector<string>::const_iterator& it,
         return false;
     }
 
+    if (it->length() > 2 || !it->length() || 
+        it->find_first_not_of("0123456789") != string::npos) {
+        return false;
+    }
     if (it == end || sscanf(it++->c_str(), "%d", &dip->m1) != 1) {
         return false;
     }
@@ -735,6 +743,10 @@ static bool parsedate(vector<string>::const_iterator& it,
         return false;
     }
 
+    if (it->length() > 2 || !it->length() || 
+        it->find_first_not_of("0123456789") != string::npos) {
+        return false;
+    }
     if (it == end || sscanf(it++->c_str(), "%d", &dip->d1) != 1) {
         return -1;
     }
@@ -751,6 +763,9 @@ static bool parseperiod(vector<string>::const_iterator& it,
     dip->y1 = dip->m1 = dip->d1 = dip->y2 = dip->m2 = dip->d2 = 0;
     while (it != end) {
         int value;
+        if (it->find_first_not_of("0123456789") != string::npos) {
+            return false;
+        }
         if (sscanf(it++->c_str(), "%d", &value) != 1) {
             return false;
         }