index : static-web-server.git

ascending towards madness

author Jose Quintana <joseluisquintana20@gmail.com> 2022-09-25 20:23:55.0 +00:00:00
committer Jose Quintana <joseluisquintana20@gmail.com> 2022-09-25 21:06:09.0 +00:00:00
commit 
82caf15f50475896fd5f71c0c260106b5e6ec707 [patch]
tree 
cd45089f6cb9840a68b3ea7392ff0d0aeca84f44
parent 
3ca743a7b5a0133404f09d18d3a94f4d11046474
download 
82caf15f50475896fd5f71c0c260106b5e6ec707.tar.gz

fix: potential segfault in the time crate `RUSTSEC-2020-0071`

migrating `time` to latest `chrono` 0.4

fixes #142

Diff

 Cargo.lock               | 82 +++++++++++++++++++++++++++++++++++++------------
 Cargo.toml               |  2 +-
 src/directory_listing.rs | 15 ++++++---
 3 files changed, 74 insertions(+), 25 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index f6865e8..6c71291 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -33,6 +33,15 @@ dependencies = [
]

[[package]]
name = "android_system_properties"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
dependencies = [
 "libc",
]

[[package]]
name = "ansi_term"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -171,6 +180,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"

[[package]]
name = "chrono"
version = "0.4.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1"
dependencies = [
 "iana-time-zone",
 "num-integer",
 "num-traits",
 "winapi",
]

[[package]]
name = "cipher"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -191,6 +212,12 @@ dependencies = [
]

[[package]]
name = "core-foundation-sys"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"

[[package]]
name = "cpufeatures"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -337,7 +364,7 @@ checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6"
dependencies = [
 "cfg-if",
 "libc",
 "wasi 0.11.0+wasi-snapshot-preview1",
 "wasi",
]

[[package]]
@@ -496,6 +523,19 @@ dependencies = [
]

[[package]]
name = "iana-time-zone"
version = "0.1.50"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd911b35d940d2bd0bea0f9100068e5b97b51a1cbe13d13382f132e0365257a0"
dependencies = [
 "android_system_properties",
 "core-foundation-sys",
 "js-sys",
 "wasm-bindgen",
 "winapi",
]

[[package]]
name = "indexmap"
version = "1.9.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -610,11 +650,30 @@ checksum = "57ee1c23c7c63b0c9250c339ffdc69255f110b298b901b9f6c82547b7b87caaf"
dependencies = [
 "libc",
 "log",
 "wasi 0.11.0+wasi-snapshot-preview1",
 "wasi",
 "windows-sys",
]

[[package]]
name = "num-integer"
version = "0.1.45"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
dependencies = [
 "autocfg",
 "num-traits",
]

[[package]]
name = "num-traits"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
dependencies = [
 "autocfg",
]

[[package]]
name = "num_cpus"
version = "1.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -954,6 +1013,7 @@ dependencies = [
 "async-compression",
 "bcrypt",
 "bytes",
 "chrono",
 "form_urlencoded",
 "futures-util",
 "globset",
@@ -975,7 +1035,6 @@ dependencies = [
 "signal-hook-tokio",
 "structopt",
 "tikv-jemallocator",
 "time",
 "tokio",
 "tokio-rustls",
 "tokio-util",
@@ -1073,17 +1132,6 @@ dependencies = [
]

[[package]]
name = "time"
version = "0.1.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255"
dependencies = [
 "libc",
 "wasi 0.10.0+wasi-snapshot-preview1",
 "winapi",
]

[[package]]
name = "tokio"
version = "1.21.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1282,12 +1330,6 @@ dependencies = [

[[package]]
name = "wasi"
version = "0.10.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"

[[package]]
name = "wasi"
version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
diff --git a/Cargo.toml b/Cargo.toml
index 6a47e8a..2999deb 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -50,7 +50,7 @@ serde = { version = "1.0", default-features = false, features = ["derive"] }
serde_ignored = "0.1"
serde_repr = "0.1"
structopt = { version = "0.3", default-features = false }
time = { version = "0.1", default-features = false }
chrono = { version = "0.4", default-features = false, features = ["std", "clock"] }
tokio = { version = "1", default-features = false, features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"] }
tokio-rustls = { version = "0.23" }
tokio-util = { version = "0.7", default-features = false, features = ["io"] }
diff --git a/src/directory_listing.rs b/src/directory_listing.rs
index 5f48f79..0e12b1c 100644
--- a/src/directory_listing.rs
+++ b/src/directory_listing.rs
@@ -1,3 +1,4 @@
use chrono::{DateTime, Local, NaiveDateTime, Utc};
use futures_util::future::Either;
use futures_util::{future, FutureExt};
use headers::{ContentLength, ContentType, HeaderMapExt};
@@ -145,7 +146,7 @@ async fn read_dir_entries(
        }

        let modified = match parse_last_modified(meta.modified()?) {
            Ok(tm) => tm.to_local().strftime("%F %T")?.to_string(),
            Ok(local_dt) => local_dt.format("%F %T").to_string(),
            Err(err) => {
                tracing::error!("error determining file last modified: {:?}", err);
                String::from("-")
@@ -310,7 +311,9 @@ fn sort_files(
    (name, last_modified, size)
}

fn parse_last_modified(modified: SystemTime) -> Result<time::Tm, Box<dyn std::error::Error>> {
fn parse_last_modified(
    modified: SystemTime,
) -> Result<DateTime<Local>, Box<dyn std::error::Error>> {
    let since_epoch = modified.duration_since(UNIX_EPOCH)?;
    // HTTP times don't have nanosecond precision, so we truncate
    // the modification time.
@@ -321,6 +324,10 @@ fn parse_last_modified(modified: SystemTime) -> Result<time::Tm, Box<dyn std::er
    // the modification time of a file with greater than second
    // precision appears to be something that only is possible to
    // do on Linux.
    let ts = time::Timespec::new(since_epoch.as_secs() as i64, 0);
    Ok(time::at_utc(ts))
    let utc_dt = NaiveDateTime::from_timestamp(
        since_epoch.as_secs() as i64,
        since_epoch.subsec_nanos() as u32,
    );
    let local_dt = DateTime::<Utc>::from_utc(utc_dt, Utc).with_timezone(&Local);
    Ok(local_dt)
}