romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-15 03:31:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

examples/synctime: fix null termination assumptions

Browse source 
bonus: dont parse argv[0] for options

Reported-by: Joshua Rogers
Closes #19032
This commit is contained in:
Daniel Stenberg 2025-10-12 11:24:07 +02:00
parent 1e90a63a49
commit 1feeda422e
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 13 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

22
docs/examples/synctime.c
View file

@ -117,7 +117,6 @@ static SYSTEMTIME LOCALTime;
#define HTTP_COMMAND_HEAD 0
#define HTTP_COMMAND_GET 1
static size_t SyncTime_CURL_WriteOutput(void *ptr, size_t size, size_t nmemb,
void *stream)
{
@ -125,6 +124,7 @@ static size_t SyncTime_CURL_WriteOutput(void *ptr, size_t size, size_t nmemb,
return nmemb * size;
}
/* Remember: do not assume headers are passed on null terminated! */
static size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
void *stream)
{
@ -135,18 +135,22 @@ static size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
if(ShowAllHeader == 1)
fprintf(stderr, "%.*s", (int)nmemb, (char *)ptr);
if(strncmp((char *)ptr, "Date:", 5) == 0) {
if((nmemb >= 5) && !strncmp((char *)ptr, "Date:", 5)) {
if(ShowAllHeader == 0)
fprintf(stderr, "HTTP Server. %.*s", (int)nmemb, (char *)ptr);
if(AutoSyncTime == 1) {
int RetVal;
int RetVal = 0;
char *field = ptr;
*TmpStr1 = 0;
*TmpStr2 = 0;
RetVal = sscanf((char *)ptr, "Date: %25s %hu %25s %hu %hu:%hu:%hu",
TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
&SYSTime.wHour, &SYSTime.wMinute,
&SYSTime.wSecond);
if(nmemb && (field[nmemb] == '\n')) {
field[nmemb] = 0; /* null terminated */
RetVal = sscanf(field, "Date: %25s %hu %25s %hu %hu:%hu:%hu",
TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
&SYSTime.wHour, &SYSTime.wMinute,
&SYSTime.wSecond);
}
if(RetVal == 7) {
int i;
@ -165,7 +169,7 @@ static size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
}
}
if(strncmp((char *)ptr, "X-Cache: HIT", 12) == 0) {
if((nmemb >= 12) && !strncmp((char *)ptr, "X-Cache: HIT", 12)) {
fprintf(stderr, "ERROR: HTTP Server data is cached."
" Server Date is no longer valid.\n");
AutoSyncTime = 0;
@ -251,7 +255,7 @@ int main(int argc, char *argv[])
conf_init(conf);
if(argc > 1) {
int OptionIndex = 0;
int OptionIndex = 1;
while(OptionIndex < argc) {
if(strncmp(argv[OptionIndex], "--server=", 9) == 0)
snprintf(conf->timeserver, MAX_STRING, "%s", &argv[OptionIndex][9]);