From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 12 Oct 2025 09:24:07 +0000 (+0200)
Subject: examples/synctime: fix null termination assumptions
X-Git-Tag: rc-8_17_0-2~102
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1feeda422e4bf247d9181a06e5642ca5cc3bdfb2;p=thirdparty%2Fcurl.git

examples/synctime: fix null termination assumptions

bonus: dont parse argv[0] for options

Reported-by: Joshua Rogers
Closes #19032
---

diff --git a/docs/examples/synctime.c b/docs/examples/synctime.c
index 591761fe1c..071037a448 100644
--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@@ -117,7 +117,6 @@ static SYSTEMTIME LOCALTime;
 #define HTTP_COMMAND_HEAD       0
 #define HTTP_COMMAND_GET        1
 
-
 static size_t SyncTime_CURL_WriteOutput(void *ptr, size_t size, size_t nmemb,
                                         void *stream)
 {
@@ -125,6 +124,7 @@ static size_t SyncTime_CURL_WriteOutput(void *ptr, size_t size, size_t nmemb,
   return nmemb * size;
 }
 
+/* Remember: do not assume headers are passed on null terminated! */
 static size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
                                         void *stream)
 {
@@ -135,18 +135,22 @@ static size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
   if(ShowAllHeader == 1)
     fprintf(stderr, "%.*s", (int)nmemb, (char *)ptr);
 
-  if(strncmp((char *)ptr, "Date:", 5) == 0) {
+  if((nmemb >= 5) && !strncmp((char *)ptr, "Date:", 5)) {
     if(ShowAllHeader == 0)
       fprintf(stderr, "HTTP Server. %.*s", (int)nmemb, (char *)ptr);
 
     if(AutoSyncTime == 1) {
-      int RetVal;
+      int RetVal = 0;
+      char *field = ptr;
       *TmpStr1 = 0;
       *TmpStr2 = 0;
-      RetVal = sscanf((char *)ptr, "Date: %25s %hu %25s %hu %hu:%hu:%hu",
-                      TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
-                      &SYSTime.wHour, &SYSTime.wMinute,
-                      &SYSTime.wSecond);
+      if(nmemb && (field[nmemb] == '\n')) {
+        field[nmemb] = 0; /* null terminated */
+        RetVal = sscanf(field, "Date: %25s %hu %25s %hu %hu:%hu:%hu",
+                        TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
+                        &SYSTime.wHour, &SYSTime.wMinute,
+                        &SYSTime.wSecond);
+      }
 
       if(RetVal == 7) {
         int i;
@@ -165,7 +169,7 @@ static size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
     }
   }
 
-  if(strncmp((char *)ptr, "X-Cache: HIT", 12) == 0) {
+  if((nmemb >= 12) && !strncmp((char *)ptr, "X-Cache: HIT", 12)) {
     fprintf(stderr, "ERROR: HTTP Server data is cached."
             " Server Date is no longer valid.\n");
     AutoSyncTime = 0;
@@ -251,7 +255,7 @@ int main(int argc, char *argv[])
   conf_init(conf);
 
   if(argc > 1) {
-    int OptionIndex = 0;
+    int OptionIndex = 1;
     while(OptionIndex < argc) {
       if(strncmp(argv[OptionIndex], "--server=", 9) == 0)
         snprintf(conf->timeserver, MAX_STRING, "%s", &argv[OptionIndex][9]);