Unlike snprintf, strftime buffer contents are undefined when it fails,
so make sure the buffer is null-terminated. To prevent garbage from
being printed out, we simply set the timestamp to the empty string, but
maybe setting it to "unknown time" or something similar would be better.
Either way, I don't think this can fail until year 10000, so it's not a
big deal.
---
connection.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/connection.c b/connection.c
index 8aca2ab..24de809 100644
--- a/connection.c
+++ b/connection.c
@@ -31,7 +31,8 @@ connection_log(const struct connection *c)
if (!strftime(tstmp, sizeof(tstmp), "%Y-%m-%dT%H:%M:%SZ",
gmtime(&(time_t){time(NULL)}))) {
warn("strftime: Exceeded buffer capacity");
- /* continue anyway (we accept the truncation) */
+ tstmp[0] = '\0'; /* tstmp contents are undefined on failure */
+ /* continue anyway */
}
/* generate address-string */
--
2.17.1
