1c50a44db6
strftime(3) makes no guarantees about the contents of the buffer if the formatted string wouldn't fit in the buffer. It simply returns 0, and it's the programmer's responsibility to do the right thing after that. Let's write the string "future" if there's an error, similar to what we do with gmtime(3)'s errors. Also, `buf[size - 1] = '\0';` didn't make sense. If the copy fits, strftime(3) guarantees to terminate with NUL. If it doesn't, the entire contents of buf are undefined, so adding a NUL at the end of the buffer would be dangerous: the string could contain anything, such as "gimme root access now". Remove that, now that we set the string to "future", as with gmtime(3) errors. This setting to '\0' comes from the times when we used strncpy(3) in the implementation, and should have been removed when I changed it to use strlcpy(3); however, I didn't check we didn't need it anymore. Cc: Serge Hallyn <serge@hallyn.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
39 lines
607 B
C
39 lines
607 B
C
/*
|
|
* SPDX-FileCopyrightText: 2021-2023, Alejandro Colomar <alx@kernel.org>
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <string.h>
|
|
#include <time.h>
|
|
|
|
#ident "$Id$"
|
|
|
|
#include "strtcpy.h"
|
|
#include "prototypes.h"
|
|
|
|
|
|
void
|
|
date_to_str(size_t size, char buf[size], long date)
|
|
{
|
|
time_t t;
|
|
const struct tm *tm;
|
|
|
|
t = date;
|
|
if (date < 0) {
|
|
(void) strtcpy(buf, "never", size);
|
|
return;
|
|
}
|
|
|
|
tm = gmtime(&t);
|
|
if (tm == NULL) {
|
|
(void) strtcpy(buf, "future", size);
|
|
return;
|
|
}
|
|
|
|
if (strftime(buf, size, "%Y-%m-%d", tm) == 0)
|
|
(void) strtcpy(buf, "future", size);
|
|
}
|