| diff -ruN htpdate/htpdate.c htpdate.new/htpdate.c |
| --- htpdate/htpdate.c 2010-11-30 14:53:31.637209639 -0600 |
| +++ htpdate.new/htpdate.c 2010-11-30 15:48:25.647523022 -0600 |
| @@ -158,7 +158,7 @@ |
| char url[URLSIZE] = { '\0' }; |
| char *pdate = NULL; |
| int error = -1; /* used when returning non-zero return values */ |
| - |
| + ssize_t buffer_size = 0; |
| |
| /* Connect to web server via proxy server or directly */ |
| memset( &hints, 0, sizeof(hints) ); |
| @@ -244,8 +244,10 @@ |
| /* Receive data from the web server |
| The return code from recv() is the number of bytes received |
| */ |
| - if ( recv(server_s, buffer, BUFFERSIZE, 0) != -1 ) { |
| - |
| + buffer_size = recv(server_s, buffer, BUFFERSIZE - 1, 0); |
| + if ( buffer_size >= 0 ) { |
| + /* NUL terminate the string data. */ |
| + buffer[buffer_size] = '\0'; |
| /* Assuming that network delay (server->htpdate) is neglectable, |
| the received web server time "should" match the local time. |
| |
| @@ -264,9 +266,12 @@ |
| rtt = ( timeofday.tv_sec - rtt ) * 1000000 + \ |
| timeofday.tv_usec - when; |
| |
| - /* Look for the line that contains Date: */ |
| - if ( (pdate = strstr(buffer, "Date: ")) != NULL ) { |
| + /* Look for the line that contains Date: and has enough data. */ |
| + pdate = strstr(buffer, "Date: "); |
| + /* strlen("Date: ...") must be >= 11. */ |
| + if ( pdate != NULL && strlen(pdate) >= 11 ) { |
| strncpy(remote_time, pdate + 11, 24); |
| + remote_time[24] = '\0'; |
| recvdvalidresp = 1; |
| |
| if ( strptime( remote_time, "%d %b %Y %T", &tm) != NULL) { |