commit a982fa636704a436c3d1016b1f82806f607b7556
Author:     robert <[email protected]>
AuthorDate: Fri Jul 8 11:12:17 2022 -0700
Commit:     Laslo Hunhold <[email protected]>
CommitDate: Sun Feb 26 20:19:45 2023 +0100

    Fix strftime error handling
    
    Unlike snprintf, strftime buffer contents are undefined when it fails,
    so make sure the buffer is null-terminated. To prevent garbage from
    being printed out, we simply set the timestamp to the empty string, but
    maybe setting it to "unknown time" or something similar would be better.
    Either way, I don't think this can fail until year 10000, so it's not a
    big deal.

diff --git a/connection.c b/connection.c
index 8aca2ab..24de809 100644
--- a/connection.c
+++ b/connection.c
@@ -31,7 +31,8 @@ connection_log(const struct connection *c)
        if (!strftime(tstmp, sizeof(tstmp), "%Y-%m-%dT%H:%M:%SZ",
                      gmtime(&(time_t){time(NULL)}))) {
                warn("strftime: Exceeded buffer capacity");
-               /* continue anyway (we accept the truncation) */
+               tstmp[0] = '\0'; /* tstmp contents are undefined on failure */
+               /* continue anyway */
        }
 
        /* generate address-string */
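Review bot: The strftime call in this hunk still takes the result of gmtime() unchecked, so the new `tstmp[0] = '\0'` fallback does not cover gmtime() returning NULL (a time_t whose year cannot be represented); passing NULL to strftime is undefined behaviour, not a zero return. Converting first and folding both failures into the same branch would close it: `struct tm *tm = gmtime(&(time_t){time(NULL)});` followed by `if (!tm || !strftime(tstmp, sizeof(tstmp), "%Y-%m-%dT%H:%M:%SZ", tm)) {`, with the warn() text made generic because buffer capacity is then no longer the only cause. If connection_log can run on more than one thread (not visible here), gmtime_r with a local struct tm would also avoid sharing gmtime's static result between log calls. connection_log begins and ends outside the hunk.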
