--- asctime.c.orig 2008-12-15 11:41:07.000000000 -0800 +++ asctime.c 2009-01-21 17:09:27.000000000 -0800 @@ -22,10 +22,10 @@ __FBSDID("$FreeBSD: src/lib/libc/stdtime ** A la ISO/IEC 9945-1, ANSI/IEEE Std 1003.1, Second Edition, 1996-07-12. */ +#define EXPECTEDLEN 26 + char * -asctime_r(timeptr, buf) -const struct tm * timeptr; -char * buf; +asctime_r(const struct tm * __restrict timeptr, char * __restrict buf) { static const char wday_name[][3] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" @@ -36,6 +36,8 @@ char * buf; }; const char * wn; const char * mn; + int len; + char tmp[EXPECTEDLEN]; if (timeptr->tm_wday < 0 || timeptr->tm_wday >= DAYSPERWEEK) wn = "???"; @@ -48,31 +50,28 @@ char * buf; ** "%.3s %.3s%3d %02.2d:%02.2d:%02.2d %d\n" ** Since the .2 in 02.2d is ignored, we drop it. */ - (void) sprintf(buf, "%.3s %.3s%3d %02d:%02d:%02d %d\n", + /* + ** Because various values in the tm structure may cause the + ** resulting string to be longer than the 26-bytes that is + ** specified in the spec, we should return NULL rather than + ** possibly overwrite beyond the string. + */ + len = snprintf(tmp, EXPECTEDLEN, "%.3s %.3s%3d %02d:%02d:%02d %d\n", wn, mn, timeptr->tm_mday, timeptr->tm_hour, timeptr->tm_min, timeptr->tm_sec, TM_YEAR_BASE + timeptr->tm_year); + if (len >= EXPECTEDLEN) + return NULL; + strcpy(buf, tmp); return buf; } -/* -** A la X3J11, with core dump avoidance. -*/ - char * asctime(timeptr) const struct tm * timeptr; { - /* - ** Big enough for something such as - ** ??? ???-2147483648 -2147483648:-2147483648:-2147483648 -2147483648\n - ** (two three-character abbreviations, five strings denoting integers, - ** three explicit spaces, two explicit colons, a newline, - ** and a trailing ASCII nul). - */ - static char result[3 * 2 + 5 * INT_STRLEN_MAXIMUM(int) + - 3 + 2 + 1 + 1]; + static char result[EXPECTEDLEN]; return asctime_r(timeptr, result); }