To: vim_dev@googlegroups.com Subject: Patch 9.0.0733 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.0733 Problem: Use of strftime() is not safe. Solution: Check the return value of strftime(). Use a larger buffer and correctly pass the available space. (Dominique Pellé, closes #11348) Files: src/time.c *** ../vim-9.0.0732/src/time.c 2022-10-07 11:20:24.034352636 +0100 --- src/time.c 2022-10-12 13:30:01.530292365 +0100 *************** *** 82,88 **** char * get_ctime(time_t thetime, int add_newline) { ! static char buf[50]; #ifdef HAVE_STRFTIME struct tm tmval; struct tm *curtime; --- 82,88 ---- char * get_ctime(time_t thetime, int add_newline) { ! static char buf[100]; // hopefully enough for every language #ifdef HAVE_STRFTIME struct tm tmval; struct tm *curtime; *************** *** 90,101 **** curtime = vim_localtime(&thetime, &tmval); // MSVC returns NULL for an invalid value of seconds. if (curtime == NULL) ! vim_strncpy((char_u *)buf, (char_u *)_("(Invalid)"), sizeof(buf) - 1); else { // xgettext:no-c-format ! (void)strftime(buf, sizeof(buf) - 1, _("%a %b %d %H:%M:%S %Y"), ! curtime); # ifdef MSWIN if (enc_codepage >= 0 && (int)GetACP() != enc_codepage) { --- 90,109 ---- curtime = vim_localtime(&thetime, &tmval); // MSVC returns NULL for an invalid value of seconds. if (curtime == NULL) ! vim_strncpy((char_u *)buf, (char_u *)_("(Invalid)"), sizeof(buf) - 2); else { // xgettext:no-c-format ! if (strftime(buf, sizeof(buf) - 2, _("%a %b %d %H:%M:%S %Y"), curtime) ! == 0) ! { ! // Quoting "man strftime": ! // > If the length of the result string (including the terminating ! // > null byte) would exceed max bytes, then strftime() returns 0, ! // > and the contents of the array are undefined. ! vim_strncpy((char_u *)buf, (char_u *)_("(Invalid)"), ! sizeof(buf) - 2); ! } # ifdef MSWIN if (enc_codepage >= 0 && (int)GetACP() != enc_codepage) { *************** *** 105,111 **** acp_to_enc((char_u *)buf, (int)strlen(buf), &to_free, &len); if (to_free != NULL) { ! STRCPY(buf, to_free); vim_free(to_free); } } --- 113,119 ---- acp_to_enc((char_u *)buf, (int)strlen(buf), &to_free, &len); if (to_free != NULL) { ! STRNCPY(buf, to_free, sizeof(buf) - 2); vim_free(to_free); } } *************** *** 318,327 **** convert_setup(&conv, p_enc, enc); if (conv.vc_type != CONV_NONE) p = string_convert(&conv, p, NULL); ! if (p != NULL) ! (void)strftime((char *)result_buf, sizeof(result_buf), ! (char *)p, curtime); ! else result_buf[0] = NUL; if (conv.vc_type != CONV_NONE) --- 326,333 ---- convert_setup(&conv, p_enc, enc); if (conv.vc_type != CONV_NONE) p = string_convert(&conv, p, NULL); ! if (p == NULL || strftime((char *)result_buf, sizeof(result_buf), ! (char *)p, curtime) == 0) result_buf[0] = NUL; if (conv.vc_type != CONV_NONE) *************** *** 1117,1132 **** #ifdef HAVE_STRFTIME struct tm tmval; struct tm *curtime; if (vim_time() - tt >= 100) { curtime = vim_localtime(&tt, &tmval); if (vim_time() - tt < (60L * 60L * 12L)) // within 12 hours ! (void)strftime((char *)buf, buflen, "%H:%M:%S", curtime); else // longer ago ! (void)strftime((char *)buf, buflen, "%Y/%m/%d %H:%M:%S", curtime); } else #endif --- 1123,1141 ---- #ifdef HAVE_STRFTIME struct tm tmval; struct tm *curtime; + int n; if (vim_time() - tt >= 100) { curtime = vim_localtime(&tt, &tmval); if (vim_time() - tt < (60L * 60L * 12L)) // within 12 hours ! n = strftime((char *)buf, buflen, "%H:%M:%S", curtime); else // longer ago ! n = strftime((char *)buf, buflen, "%Y/%m/%d %H:%M:%S", curtime); ! if (n == 0) ! buf[0] = NUL; } else #endif *** ../vim-9.0.0732/src/version.c 2022-10-12 12:58:50.385618448 +0100 --- src/version.c 2022-10-12 13:28:40.030510098 +0100 *************** *** 701,702 **** --- 701,704 ---- { /* Add new patch number below this line */ + /**/ + 733, /**/ -- -rwxr-xr-x 1 root 24 Oct 29 1929 /bin/ed -rwxr-xr-t 4 root 131720 Jan 1 1970 /usr/ucb/vi -rwxr-xr-x 1 root 5.89824e37 Oct 22 1990 /usr/bin/emacs /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///