timed contains buffer overflows, and more
virtus at wanadoo.nl
Tue Aug 31 01:41:12 PDT 2004
Yet another patch...
Alright, I decided to go through the LEGACY functions one-by-one.. ftime()
isn't found anywhere in the source code, however, cftime() is, of which the
The cftime() and ascftime() functions are made obsolete by strftime(3).
Use of the functions cftime() and ascftime() is strongly deprecated,
since there is no way to check for a buffer overflow condition. Use
some of the files that I came across cftime() in belong to the timed daemon.
While checking the code I found buffer overflows all over the place, just as
ambigious (void) casts aswell as #ifdef's that should have been removed
century's ago. These #ifdef's contained the calls to cftime() which is part
of some ancient SGI log message generation system. You can find the
(somewhat huge) patch here:
Here is the commit message:
* Remove the #ifdef sgi code which mostly contains SGI specific log messages
* In removing the #ifdef sgi included code remove all non-standard cftime()
* Replace all occurences of strcpy by the safe strlcpy where needed
* Replace all occurences of strncpy by the safer strlcpy where needed
* Avoid WARNS=2 error by renaming 'print' variable into 'printerr' to avoid
collision with the print() function in the same program (obtained from
* Avoid WARNS=2 error by renaming 'adjtime' variable into 'adjusttime' to
avoid collisions with the adjtime() function in the same program (obtained
While being here, also:
* Some minor cleanups
* Remove all ambigious (void) casts
I checked this, and it compiles fine. So it's a comit-to-go, I reckon ;-).
I hope anyone has time to commit this..
More information about the Submit