checksrc: ban gmtime/localtime

They're not thread-safe so they should not be used in libcurl code.

Explictly enabled when deemed necessary and in examples and tests

Reviewed-by: Nicolas Sterchele
Closes #5732

diff --git a/docs/examples/.checksrc b/docs/examples/.checksrc
index c45678aaeaa9fd0e7a88cb37bcfaee70c079f36d..dea90aaa1d1122d49625ab09cbcf8a5de6ad5a30 100644 (file)
--- a/docs/examples/.checksrc
+++ b/docs/examples/.checksrc
@@ -1,2 +1,3 @@
 disable TYPEDEFSTRUCT
 disable SNPRINTF
+disable BANNEDFUNC

diff --git a/lib/checksrc.pl b/lib/checksrc.pl
index 97b8f9e1d21a004fd82e586d6dd1d185ab93d338..498da94bbc9d730dfe3e3e5aedc704e8d29b756a 100755 (executable)
--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -592,7 +592,8 @@ sub scanfile {
 
         # scan for use of banned functions
         if($l =~ /^(.*\W)
-                   (gets|
+                   (gmtime|localtime|
+                    gets|
                     strtok|
                     v?sprintf|
                     (str|_mbs|_tcs|_wcs)n?cat|

diff --git a/lib/parsedate.c b/lib/parsedate.c
index 585d7ea404de389c588e597ef9ef1f068ef5bc9a..4c7a40c4c531934d4ac139d7441471fd933caffb 100644 (file)
--- a/lib/parsedate.c
+++ b/lib/parsedate.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -624,6 +624,7 @@ CURLcode Curl_gmtime(time_t intime, struct tm *store)
   /* thread-safe version */
   tm = (struct tm *)gmtime_r(&intime, store);
 #else
+  /* !checksrc! disable BANNEDFUNC 1 */
   tm = gmtime(&intime);
   if(tm)
     *store = *tm; /* copy the pointed struct to the local copy */

diff --git a/src/tool_cb_dbg.c b/src/tool_cb_dbg.c
index bb8c2635b5b9a0d00dfc8e16249aadaed4f5f430..1c42db8a558a9137174d369d6f23fa1eb3015029 100644 (file)
--- a/src/tool_cb_dbg.c
+++ b/src/tool_cb_dbg.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -65,6 +65,7 @@ int tool_debug_cb(CURL *handle, curl_infotype type,
       known_offset = 1;
     }
     secs = epoch_offset + tv.tv_sec;
+    /* !checksrc! disable BANNEDFUNC 1 */
     now = localtime(&secs);  /* not thread safe but we don't care */
     msnprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld ",
               now->tm_hour, now->tm_min, now->tm_sec, (long)tv.tv_usec);

diff --git a/tests/libtest/.checksrc b/tests/libtest/.checksrc
index 24677d53e59f115b5e7ad032e72a32061ceed89f..37f7909524a1e8337245a7fc3398cdab8c070966 100644 (file)
--- a/tests/libtest/.checksrc
+++ b/tests/libtest/.checksrc
@@ -1 +1,2 @@
 disable TYPEDEFSTRUCT
+disable BANNEDFUNC

diff --git a/tests/server/util.c b/tests/server/util.c
index 8e76f0c9bea19c0347299de44191817c485617ec..dccce596b76327e1024fc04f6791f8c62c80948a 100644 (file)
--- a/tests/server/util.c
+++ b/tests/server/util.c
@@ -119,6 +119,7 @@ void logmsg(const char *msg, ...)
     known_offset = 1;
   }
   sec = epoch_offset + tv.tv_sec;
+  /* !checksrc! disable BANNEDFUNC 1 */
   now = localtime(&sec); /* not thread safe but we don't care */
 
   msnprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld",