The patch provided in #10 silences various warnings but fixes neither the underlying buffer-overrun vulnerability with `strncat`, nor the lack of a portable `xxprintf` format specifier for `time_t`.
The standard C `strncat` function is widely regarded as so badly flawed as to be useless, because its `limit` parameter does not reflect the overall size of the target buffer, but rather the space remaining in that buffer after the length of its current content is taken into account. Even when provided with a correct limit value, its safeguard is to truncate the string, resulting in an incorrect value which is useless for the purpose of this program.
To be fair, the limits provided are very generous, so one needs to go to extreme lengths to broach them, but this command demonstrates how the stack can be corrupted, causing an abort when it attempts to return from `dumptzdata` (back to `main`):
Supersedes issue #7
More broadly, return values that indicate potential errors should be checked, not simply cast away with `(void)`.
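Added example (not code from this issue or the project) showing the two fixes the text asks for: a bounded append whose limit is derived from the whole buffer size, as `strncat`'s limit must be, and which refuses rather than silently truncates; and a portable `time_t` print via `intmax_t`/`PRIdMAX` with the `snprintf` result checked instead of cast to `(void)`. The buffer sizes and the timestamp value are constructed for illustration.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Append src to the NUL-terminated string in dst, where dstsize is the
 * TOTAL size of dst.  The remaining room is derived here, which is the
 * value strncat would actually need as its limit (the classic bug is
 * passing sizeof dst instead).  Rather than truncating silently, which
 * yields a wrong value, refuse and leave dst untouched.
 * Returns 1 on success, 0 if the result would not fit. */
int append_checked(char *dst, size_t dstsize, const char *src)
{
    size_t used = strlen(dst);
    if (used >= dstsize)
        return 0;                       /* dst is not terminated in bounds */
    size_t room = dstsize - used - 1;   /* bytes left, excluding the NUL */
    size_t need = strlen(src);
    if (need > room)
        return 0;                       /* would overflow or truncate */
    memcpy(dst + used, src, need + 1);  /* copies the terminator too */
    return 1;
}

/* time_t has no portable printf conversion; widen it to intmax_t and use
 * PRIdMAX.  snprintf's return value is checked rather than cast to void.
 * Returns the number of characters written, or -1 if out is too small. */
int format_time_t(char *out, size_t outsize, time_t t)
{
    int n = snprintf(out, outsize, "%" PRIdMAX, (intmax_t)t);
    if (n < 0 || (size_t)n >= outsize)
        return -1;
    return n;
}

int main(void)
{
    char buf[16] = "tz=";               /* constructed sample buffer */
    char ts[32];
    if (!append_checked(buf, sizeof buf, "UTC"))
        fputs("append failed\n", stderr);
    /* 6 + 13 + 1 = 20 bytes needed, only 16 available: rejected, not truncated */
    if (!append_checked(buf, sizeof buf, "0123456789abc"))
        fputs("second append rejected\n", stderr);
    if (format_time_t(ts, sizeof ts, (time_t)1700000000) < 0) /* constructed value */
        return 1;
    printf("%s at %s\n", buf, ts);
    return 0;
}
```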