Bug inside the RFC6265 S5.1.1 date parser parseDate() on days 29, 30, 31 #28

Closed
syndr0m opened this issue Feb 27, 2015 · 2 comments

@syndr0m

syndr0m commented Feb 27, 2015

Every date on day 29, 30 or 31 is wrongly parsed if the current month has fewer days than the parsed one.

Small example of a cookie expiring on March 29 parsed as March 01:

```
$> git clone https://github.com/goinstant/tough-cookie.git && cd tough-cookie && npm install # latest

# current date is February
$>node -e 'console.log(new Date())'
Fri Feb 27 2015 15:35:53 GMT+0100 (CET)

# wrongly parsed cookie example
$> node -e "console.log(require('./lib/cookie').Cookie.parse('foo=bar; path=/; expires=Sun, 29 Mar 2015 15:13:10 GMT;'));"
Cookie="foo=bar; Expires=Sun, 01 Mar 2015 15:13:10 GMT; Path=/; hostOnly=?; aAge=?; cAge=0ms"
```

This is a bug inside parseDate() ( https://github.com/goinstant/tough-cookie/blob/master/lib/cookie.js#L91 )

The parser loops over the date's tokens: "Sun", "29", "Mar", "2015", "15:13:10", "GMT".
The parser uses the tokens to modify a date object: new Date();
but this date object is initialized with the current date (currently "February"),
so when processing "29", it tries to set day 29 of the month February, which causes the bug:

```
date before setUTCDate() : Fri Feb 27 2015 16:31:16 GMT+0100 (CET)
date.setUTCDate(result[1]);
date after setUTCDate() : Sun Mar 01 2015 16:31:16 GMT+0100 (CET)
```
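
The behaviour reported above, reduced to a reproducible sketch and set beside a clock-independent alternative. This is an added example, not code from the issue or from tough-cookie: the function names and the simplified tokenizer are assumptions, and the second variant is not necessarily the fix that was merged.

```javascript
// Added illustration; fields/parseMutating/parseCollecting are hypothetical names,
// not tough-cookie functions. The tokenizer is simplified (4-digit years only).
const MONTHS = ['jan', 'feb', 'mar', 'apr', 'may', 'jun',
                'jul', 'aug', 'sep', 'oct', 'nov', 'dec'];

// Classify each token of a cookie date, in the order the tokens appear.
function fields(str) {
  const out = [];
  for (const tok of str.split(/[^0-9A-Za-z:]+/)) {
    const t = /^(\d{1,2}):(\d{1,2}):(\d{1,2})$/.exec(tok);
    const mon = MONTHS.indexOf(tok.slice(0, 3).toLowerCase());
    if (t) out.push(['time', t.slice(1).map(Number)]);
    else if (/^\d{1,2}$/.test(tok)) out.push(['day', Number(tok)]);
    else if (/^\d{4}$/.test(tok)) out.push(['year', Number(tok)]);
    else if (mon !== -1) out.push(['month', mon]);
  }
  return out;
}

// Pattern reported in the issue: start from the current date and mutate it
// token by token. `now` is a parameter here so the run is reproducible.
function parseMutating(str, now) {
  const d = new Date(now.getTime());
  d.setUTCMilliseconds(0);
  for (const [kind, v] of fields(str)) {
    if (kind === 'time') d.setUTCHours(v[0], v[1], v[2]);
    else if (kind === 'day') d.setUTCDate(v); // 29 Feb 2015 rolls over to 1 Mar
    else if (kind === 'month') d.setUTCMonth(v);
    else d.setUTCFullYear(v);
  }
  return d;
}

// Clock-independent variant: collect every field first, build the date once,
// and return null when the calendar date does not exist.
function parseCollecting(str) {
  const f = {};
  for (const [kind, v] of fields(str)) if (!(kind in f)) f[kind] = v;
  if (!['time', 'day', 'month', 'year'].every((k) => k in f)) return null;
  const d = new Date(Date.UTC(f.year, f.month, f.day, ...f.time));
  if (d.getUTCMonth() !== f.month || d.getUTCDate() !== f.day) return null;
  return d;
}

// Constructed inputs: the cookie date from the issue, clock set to 27 Feb 2015.
const feb27 = new Date(Date.UTC(2015, 1, 27, 14, 35, 53));
const expires = 'Sun, 29 Mar 2015 15:13:10 GMT';
console.log(parseMutating(expires, feb27).toISOString());
console.log(parseCollecting(expires).toISOString());
```

A cookie jar that stores the first result expires the cookie 28 days earlier than the server asked, and only on days when the local clock is in a shorter month, which makes the fault hard to reproduce.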


@stash
Collaborator

stash commented Mar 30, 2015

Sorry for the delayed response. This seems pretty serious so I'll try to get a fix going right away.

@inikulin
Contributor

Fixed in #30. Released with tough-cookie@0.13.0.
