I didn't really want to send this e-mail right now, but my eeepc has
strong opinions. ;)
2009/8/4 Alexander Potashev <aspotashev(a)gmail.com>:
Hi,
First of all, are you sure that this code is mature enough to care
about minor details? I would say, "@implemented" has been added by
mistake.
About this commit: I tried to call asctime from glibc-2.8 on Linux,
but tm_year=9 works fine (resulting in 1909). I know, it is not
msvcrt. But I don't see any good reason to not allow years before
1970. Furthermore, I'm sure, this function was once introduced to just
transform a date to human-readable format, and it shouldn't care about
the date. Btw, MSDN says nothing
Another tricky question is: How is the UNIX epoch connected with
ReactOS (or Windows)?
About 'asctime': it might be holy, but it's "holey". It doesn't even
check the month and the day of week to fit the ranges 0..11 and 0..6
correspondingly.
So, please, fix the security problems first, and then revert this commit ;)
2009/8/4 <gschneider(a)svn.reactos.org>:
Author: gschneider
Date: Wed Aug 5 04:06:25 2009
New Revision: 42402
URL: http://svn.reactos.org/svn/reactos?rev=42402&view=rev
Log:
asctime/ctime: Check for too low input time, fixes one msvcrt time winetest
Modified:
trunk/reactos/lib/sdk/crt/time/ctime.c
Modified: trunk/reactos/lib/sdk/crt/time/ctime.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/sdk/crt/time/ctime.c?r…
==============================================================================
--- trunk/reactos/lib/sdk/crt/time/ctime.c [iso-8859-1] (original)
+++ trunk/reactos/lib/sdk/crt/time/ctime.c [iso-8859-1] Wed Aug 5 04:06:25 2009
@@ -1200,14 +1200,23 @@
"Jul", "Aug", "Sep", "Oct", "Nov",
"Dec"
};
static char result[26];
-
- (void) sprintf(result, "%.3s %.3s%3d %02d:%02d:%02d %d\n",
- wday_name[timeptr->tm_wday],
- mon_name[timeptr->tm_mon],
- timeptr->tm_mday, timeptr->tm_hour,
- timeptr->tm_min, timeptr->tm_sec,
- TM_YEAR_BASE + timeptr->tm_year);
- return result;
+ char* res = result;
+
+ /* Check for invalid input time */
+ if (timeptr->tm_year <= 69)
+ {
+ res = NULL;
+ }
+ else
+ {
+ sprintf(res, "%.3s %.3s%3d %02d:%02d:%02d %d\n",
+ wday_name[timeptr->tm_wday],
+ mon_name[timeptr->tm_mon],
+ timeptr->tm_mday, timeptr->tm_hour,
+ timeptr->tm_min, timeptr->tm_sec,
+ TM_YEAR_BASE + timeptr->tm_year);
+ }
+ return res;
}
/*
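Review bot: The sprintf in the new else branch still indexes wday_name[timeptr->tm_wday] and mon_name[timeptr->tm_mon] with no range check, so the added tm_year test leaves the out-of-bounds reads in place; reject tm_wday outside 0..6 and tm_mon outside 0..11 in the same validity check. The destination is static char result[26] and the call is unbounded, so a year of five or more digits, or an oversized tm_mday, tm_hour, tm_min or tm_sec, writes past the end of the buffer; range-check those fields as well, or use a length-limited formatting call and return NULL when the output does not fit. The comment "Check for invalid input time" should also state why 69 is the cutoff, since the log only says it fixes one msvcrt winetest.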