From 324cbd5693a3cf13224561aa14fc2057d8696469 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 5 Mar 2012 00:37:54 +0100 Subject: as we parse datestrings from external sources a lot specify the length of the integer fields as well to avoid crashes in scanf as cppchecks warns: "(warning) scanf without field width limits can crash with huge input data" --- apt-pkg/contrib/strutl.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'apt-pkg/contrib') diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc index 861cdcbeb..99efa8d98 100644 --- a/apt-pkg/contrib/strutl.cc +++ b/apt-pkg/contrib/strutl.cc @@ -910,17 +910,17 @@ bool StrToTime(const string &Val,time_t &Result) // Handle RFC 1123 time Month[0] = 0; - if (sscanf(I," %d %3s %d %d:%d:%d GMT",&Tm.tm_mday,Month,&Tm.tm_year, + if (sscanf(I," %2d %3s %4d %2d:%2d:%2d GMT",&Tm.tm_mday,Month,&Tm.tm_year, &Tm.tm_hour,&Tm.tm_min,&Tm.tm_sec) != 6) { // Handle RFC 1036 time - if (sscanf(I," %d-%3s-%d %d:%d:%d GMT",&Tm.tm_mday,Month, + if (sscanf(I," %2d-%3s-%3d %2d:%2d:%2d GMT",&Tm.tm_mday,Month, &Tm.tm_year,&Tm.tm_hour,&Tm.tm_min,&Tm.tm_sec) == 6) Tm.tm_year += 1900; else { // asctime format - if (sscanf(I," %3s %d %d:%d:%d %d",Month,&Tm.tm_mday, + if (sscanf(I," %3s %2d %2d:%2d:%2d %4d",Month,&Tm.tm_mday, &Tm.tm_hour,&Tm.tm_min,&Tm.tm_sec,&Tm.tm_year) != 6) { // 'ftp' time -- cgit v1.2.3-70-g09d2