synctime: fix off-by-one read and write to a read-only buffer (Windows)

Also making the `--synctime` option work.

Off-by-one found by Codex Security

Assisted-by: Jay Satiro
Closes #20987

diff --git a/docs/examples/synctime.c b/docs/examples/synctime.c
index 02cbefa0e5a9bf7ab5a6cc7821629abbc2c26742..6d598269340b58318b2d9b7b2e1f3be3fb49c0bc 100644 (file)
--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@@ -134,9 +134,12 @@ static size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
       char *field = ptr;
       *TmpStr1 = 0;
       *TmpStr2 = 0;
-      if(nmemb && (field[nmemb] == '\n')) {
-        field[nmemb] = 0; /* null-terminated */
-        RetVal = sscanf(field, "Date: %25s %hu %25s %hu %hu:%hu:%hu",
+      if(nmemb && (field[nmemb - 1] == '\n')) {
+        char header[100];
+        size_t len = nmemb < sizeof(header) ? nmemb : sizeof(header) - 1;
+        memcpy(header, field, len);
+        header[len] = 0; /* null-terminate local copy */
+        RetVal = sscanf(header, "Date: %25s %hu %25s %hu %hu:%hu:%hu",
                         TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
                         &SYSTime.wHour, &SYSTime.wMinute,
                         &SYSTime.wSecond);