From d86fd143a1fbc54124855ff7947ed0b3b9dfcf89 Mon Sep 17 00:00:00 2001
From: Viktor Szakats
Date: Wed, 18 Mar 2026 19:01:10 +0100
Subject: [PATCH] synctime: fix off-by-one read and write to a read-only buffer (Windows) Also making the `--synctime` option work. Off-by-one found by Codex Security Assisted-by: Jay Satiro Closes #20987
---
 docs/examples/synctime.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/docs/examples/synctime.c b/docs/examples/synctime.c
index 02cbefa0e5..6d59826934 100644
--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@@ -134,9 +134,12 @@ static size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
 char *field = ptr;
 *TmpStr1 = 0;
 *TmpStr2 = 0;
- if(nmemb && (field[nmemb] == '\n')) {
- field[nmemb] = 0; /* null-terminated */
- RetVal = sscanf(field, "Date: %25s %hu %25s %hu %hu:%hu:%hu",
+ if(nmemb && (field[nmemb - 1] == '\n')) {
+ char header[100];
+ size_t len = nmemb < sizeof(header) ? nmemb : sizeof(header) - 1;
+ memcpy(header, field, len);
+ header[len] = 0; /* null-terminate local copy */
+ RetVal = sscanf(header, "Date: %25s %hu %25s %hu %hu:%hu:%hu",
 TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear, &SYSTime.wHour, &SYSTime.wMinute, &SYSTime.wSecond);
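Review bot: The local copy truncates silently: when `nmemb >= sizeof(header)` only the first 99 bytes reach `sscanf`, so a server-supplied Date line padded past that length can be cut in the middle of a field and still convert all seven items, leaving a well-formed but wrong time in `SYSTime`. Because this text comes from the remote server, it is safer to skip over-long lines than to parse a prefix, e.g. `if(nmemb && nmemb < sizeof(header) && (field[nmemb - 1] == '\n')) {`, after which `len` is simply `nmemb`. The function body starts and ends outside the hunk, so whether `RetVal` is compared against 7 and whether the parsed fields are range-checked before use cannot be seen here; both are worth confirming. The bare `100` would also read better as a named constant with a comment stating the longest Date line the example expects.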