diff options
author | David Kalnischkies <kalnischkies@gmail.com> | 2012-03-05 00:37:54 +0100 |
---|---|---|
committer | David Kalnischkies <kalnischkies@gmail.com> | 2012-03-05 00:37:54 +0100 |
commit | 324cbd5693a3cf13224561aa14fc2057d8696469 (patch) | |
tree | 8a7d661f0fd509622642152149d5e8bdfe0a8677 | |
parent | 785412cf3b03878fc6857c7d453376a029d9eb6a (diff) |
as we parse datestrings from external sources a lot specify the length
of the integer fields as well to avoid crashes in scanf as cppchecks warns:
"(warning) scanf without field width limits can crash with huge input data"
-rw-r--r-- | apt-pkg/contrib/strutl.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc index 861cdcbeb..99efa8d98 100644 --- a/apt-pkg/contrib/strutl.cc +++ b/apt-pkg/contrib/strutl.cc @@ -910,17 +910,17 @@ bool StrToTime(const string &Val,time_t &Result) // Handle RFC 1123 time Month[0] = 0; - if (sscanf(I," %d %3s %d %d:%d:%d GMT",&Tm.tm_mday,Month,&Tm.tm_year, + if (sscanf(I," %2d %3s %4d %2d:%2d:%2d GMT",&Tm.tm_mday,Month,&Tm.tm_year, &Tm.tm_hour,&Tm.tm_min,&Tm.tm_sec) != 6) { // Handle RFC 1036 time - if (sscanf(I," %d-%3s-%d %d:%d:%d GMT",&Tm.tm_mday,Month, + if (sscanf(I," %2d-%3s-%3d %2d:%2d:%2d GMT",&Tm.tm_mday,Month, &Tm.tm_year,&Tm.tm_hour,&Tm.tm_min,&Tm.tm_sec) == 6) Tm.tm_year += 1900; else { // asctime format - if (sscanf(I," %3s %d %d:%d:%d %d",Month,&Tm.tm_mday, + if (sscanf(I," %3s %2d %2d:%2d:%2d %4d",Month,&Tm.tm_mday, &Tm.tm_hour,&Tm.tm_min,&Tm.tm_sec,&Tm.tm_year) != 6) { // 'ftp' time |