diff options
| author | attilamolnar <attilamolnar@hush.com> | 2013-08-27 18:33:32 +0200 |
|---|---|---|
| committer | attilamolnar <attilamolnar@hush.com> | 2013-08-27 18:33:32 +0200 |
| commit | 25ab5612f2ed8f0163c338740abd9f133af89356 (patch) | |
| tree | 54f966dcdb994970fac4ad873c903ff3c834767b | |
| parent | 261d5bb566f6383efea99e73c933a2af6f408341 (diff) | |
Fix crash caused by passing a large integer to ctime()
In addition to verifying the return value of localtime(), correct tm_year if it is out of bounds
Reported by @JDowny
| -rw-r--r-- | src/commands/cmd_whowas.cpp | 13 | ||||
| -rw-r--r-- | src/helperfuncs.cpp | 21 |
2 files changed, 23 insertions, 11 deletions
diff --git a/src/commands/cmd_whowas.cpp b/src/commands/cmd_whowas.cpp index 17a779ec3..3a6444b45 100644 --- a/src/commands/cmd_whowas.cpp +++ b/src/commands/cmd_whowas.cpp @@ -58,14 +58,6 @@ CmdResult CommandWhowas::Handle (const std::vector<std::string>& parameters, Use for (whowas_set::iterator ux = grp->begin(); ux != grp->end(); ux++) { WhoWasGroup* u = *ux; - time_t rawtime = u->signon; - tm *timeinfo; - char b[25]; - - timeinfo = localtime(&rawtime); - - strncpy(b,asctime(timeinfo),24); - b[24] = 0; user->WriteNumeric(314, "%s %s %s %s * :%s",user->nick.c_str(),parameters[0].c_str(), u->ident.c_str(),u->dhost.c_str(),u->gecos.c_str()); @@ -74,10 +66,11 @@ CmdResult CommandWhowas::Handle (const std::vector<std::string>& parameters, Use user->WriteNumeric(379, "%s %s :was connecting from *@%s", user->nick.c_str(), parameters[0].c_str(), u->host.c_str()); + std::string signon = ServerInstance->TimeString(u->signon); if (!ServerInstance->Config->HideWhoisServer.empty() && !user->HasPrivPermission("servers/auspex")) - user->WriteNumeric(312, "%s %s %s :%s",user->nick.c_str(),parameters[0].c_str(), ServerInstance->Config->HideWhoisServer.c_str(), b); + user->WriteNumeric(312, "%s %s %s :%s",user->nick.c_str(),parameters[0].c_str(), ServerInstance->Config->HideWhoisServer.c_str(), signon.c_str()); else - user->WriteNumeric(312, "%s %s %s :%s",user->nick.c_str(),parameters[0].c_str(), u->server.c_str(), b); + user->WriteNumeric(312, "%s %s %s :%s",user->nick.c_str(),parameters[0].c_str(), u->server.c_str(), signon.c_str()); } } else diff --git a/src/helperfuncs.cpp b/src/helperfuncs.cpp index 5a8f55f11..439320c1e 100644 --- a/src/helperfuncs.cpp +++ b/src/helperfuncs.cpp @@ -495,7 +495,26 @@ bool InspIRCd::SilentULine(const std::string& sserver) std::string InspIRCd::TimeString(time_t curtime) { - return std::string(ctime(&curtime),24); +#ifdef _WIN32 + if (curtime < 0) + curtime = 0; +#endif + + struct tm* timeinfo = localtime(&curtime); + if (!timeinfo) + { + curtime = 0; + timeinfo = localtime(&curtime); + } + + // If the calculated year exceeds four digits or is less than the year 1000, + // the behavior of asctime() is undefined + if (timeinfo->tm_year + 1900 > 9999) + timeinfo->tm_year = 9999 - 1900; + else if (timeinfo->tm_year + 1900 < 1000) + timeinfo->tm_year = 0; + + return std::string(asctime(timeinfo),24); } // You should only pass a single character to this. |