From 6499609608e25046edd5e368b52244447fec1ee2 Mon Sep 17 00:00:00 2001
From: psychon <psychon@726aef4b-f618-498e-8847-2d620e286838>
Date: Tue, 24 Feb 2009 15:52:43 +0000
Subject: [PATCH] Check the return value of strftime()

strftime() returns zero for errors and the state of the buffer we passed to it
is undefined in this case. This lead to a non-null-terminated string being
used.
The impact of this bug should be low, no writing was done and you were only
able to get a partial stack dump. A crash through this is quite unlikely.

Thanks to cnu for finding and reporting this.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1394 726aef4b-f618-498e-8847-2d620e286838
---
 User.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/User.cpp b/User.cpp
index 7436046c..e3614c6d 100644
--- a/User.cpp
+++ b/User.cpp
@@ -171,9 +171,13 @@ CString& CUser::AddTimestamp(const CString& sStr, CString& sRet) const {
 	} else {
 		time(&tm);
 		tm += (time_t)(m_fTimezoneOffset * 60 * 60); // offset is in hours
-		strftime(szTimestamp, sizeof(szTimestamp) / sizeof(char), GetTimestampFormat().c_str(), localtime(&tm));
+		size_t i = strftime(szTimestamp, sizeof(szTimestamp), GetTimestampFormat().c_str(), localtime(&tm));
+		if (i != 0) {
+			sRet = sStr;
+		} else {
+			sRet.clear();
+		}
 
-		sRet = sStr;
 		if (m_bPrependTimestamp) {
 			sRet = szTimestamp;
 			sRet += " " + sStr;