Browse Source

According to RFC7231, section 7.1.1.1, the HTTP date header supports

no other timezone than the fixed string "GMT".  Avoid using strptime %Z,
which is nonstandard and can give surprising results on other operating
systems.  ok deraadt@ giovanni@ bcook@
OPENBSD_6_0
naddy 8 years ago
parent
commit
4cf98f2633
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      src/usr.sbin/ntpd/constraint.c

+ 2
- 2
src/usr.sbin/ntpd/constraint.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: constraint.c,v 1.25 2016/01/27 21:48:34 reyk Exp $ */
/* $OpenBSD: constraint.c,v 1.26 2016/03/05 16:09:20 naddy Exp $ */
/* /*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@ -903,7 +903,7 @@ httpsdate_request(struct httpsdate *httpsdate, struct timeval *when)
* or ANSI C's asctime() - the latter doesn't include * or ANSI C's asctime() - the latter doesn't include
* the timezone which is required here. * the timezone which is required here.
*/ */
if (strptime(p, "%a, %d %h %Y %T %Z",
if (strptime(p, "%a, %d %h %Y %T GMT",
&httpsdate->tls_tm) == NULL) { &httpsdate->tls_tm) == NULL) {
log_warnx("unsupported date format"); log_warnx("unsupported date format");
free(line); free(line);


Loading…
Cancel
Save