I didn't really want to send this e-mail right now, but my eeepc has strong opinions. ;)
2009/8/4 Alexander Potashev <[email protected]>: > Hi, > First of all, are you sure that this code is mature enough to care > about minor details? I would say, "@implemented" has been added by > mistake. > > About this commit: I tried to call asctime from glibc-2.8 on Linux, > but tm_year=9 works fine (resulting in 1909). I know, it is not > msvcrt. But I don't see any good reason to not allow years before > 1970. Furthermore, I'm sure, this function was once introduced to just > transform a date to human-readable format, and it shouldn't care about > the date. Btw, MSDN says nothing > > Another tricky question is: How is the UNIX epoch connected with > Reactos (or Windows)? > > About 'asctime': it might be holy, but it's "holey". It doesn't even > check the month and the day of week to fit the ranges 0..11 and 0..6 > correspondingly. > > > So, please, fix the security problems first, and then revert this commit ;) > > > 2009/8/4 <[email protected]>: >> Author: gschneider >> Date: Wed Aug 5 04:06:25 2009 >> New Revision: 42402 >> >> URL: http://svn.reactos.org/svn/reactos?rev=42402&view=rev >> Log: >> asctime/ctime: Check for too low input time, fixes one msvcrt time winetest >> >> Modified: >> trunk/reactos/lib/sdk/crt/time/ctime.c >> >> Modified: trunk/reactos/lib/sdk/crt/time/ctime.c >> URL: >> http://svn.reactos.org/svn/reactos/trunk/reactos/lib/sdk/crt/time/ctime.c?rev=42402&r1=42401&r2=42402&view=diff >> ============================================================================== >> --- trunk/reactos/lib/sdk/crt/time/ctime.c [iso-8859-1] (original) >> +++ trunk/reactos/lib/sdk/crt/time/ctime.c [iso-8859-1] Wed Aug 5 04:06:25 >> 2009 >> @@ -1200,14 +1200,23 @@ >> "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" >> }; >> static char result[26]; >> - >> - (void) sprintf(result, "%.3s %.3s%3d %02d:%02d:%02d %d\n", >> - wday_name[timeptr->tm_wday], >> - mon_name[timeptr->tm_mon], >> - timeptr->tm_mday, timeptr->tm_hour, >> - timeptr->tm_min, timeptr->tm_sec, >> - TM_YEAR_BASE + timeptr->tm_year); >> - return result; >> + char* res = result; >> + >> + /* Check for invalid input time */ >> + if (timeptr->tm_year <= 69) >> + { >> + res = NULL; >> + } >> + else >> + { >> + sprintf(res, "%.3s %.3s%3d %02d:%02d:%02d %d\n", >> + wday_name[timeptr->tm_wday], >> + mon_name[timeptr->tm_mon], >> + timeptr->tm_mday, timeptr->tm_hour, >> + timeptr->tm_min, timeptr->tm_sec, >> + TM_YEAR_BASE + timeptr->tm_year); >> + } >> + return res; >> } >> >> /* >> >> >> > _______________________________________________ Ros-dev mailing list [email protected] http://www.reactos.org/mailman/listinfo/ros-dev
