* time_r.h (asctime_r, ctime_r): Remove. These functions can

overrun buffers and shouldn't be used (much as gets shouldn't be
used).
* time_r.c (asctime_r, ctime_r): Likewise.

diff --git a/lib/ChangeLog b/lib/ChangeLog
index bda1d1c..030dfef 100644 (file)
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,3 +1,10 @@
+2006-03-11  Paul Eggert  <eggert@cs.ucla.edu>
+
+       * time_r.h (asctime_r, ctime_r): Remove.  These functions can
+       overrun buffers and shouldn't be used (much as gets shouldn't be
+       used).
+       * time_r.c (asctime_r, ctime_r): Likewise.
+
 2006-03-08  Simon Josefsson  <jas@extundo.com>
 
        * gc-gnulib.c (randomize): Don't open files called 'no', they

diff --git a/lib/time_r.c b/lib/time_r.c
index 245ac92..af845b4 100644 (file)
--- a/lib/time_r.c
+++ b/lib/time_r.c
@@ -1,6 +1,6 @@
 /* Reentrant time functions like localtime_r.
 
-   Copyright (C) 2003 Free Software Foundation, Inc.
+   Copyright (C) 2003, 2006 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -44,18 +44,6 @@ copy_tm_result (struct tm *dest, struct tm const *src)
 }
 
 
-char *
-asctime_r (struct tm const * restrict tm, char * restrict buf)
-{
-  return copy_string_result (buf, asctime (tm));
-}
-
-char *
-ctime_r (time_t const *t, char *buf)
-{
-  return copy_string_result (buf, ctime (t));
-}
-
 struct tm *
 gmtime_r (time_t const * restrict t, struct tm * restrict tp)
 {

diff --git a/lib/time_r.h b/lib/time_r.h
index 1f2e94a..ba8b070 100644 (file)
--- a/lib/time_r.h
+++ b/lib/time_r.h
@@ -1,6 +1,6 @@
 /* Reentrant time functions like localtime_r.
 
-   Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+   Copyright (C) 2003, 2005, 2006 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -27,25 +27,20 @@
 #include <time.h>
 
 #if !HAVE_TIME_R_POSIX
-# undef asctime_r
-# undef ctime_r
+
+/* Don't bother with asctime_r and ctime_r, since these functions are
+   not safe (like asctime and ctime, they can overrun their 26-byte
+   output buffers when given outlandish struct tm values), and we
+   don't want to encourage applications to use unsafe functions.  Use
+   strftime or even sprintf instead.  */
+
 # undef gmtime_r
 # undef localtime_r
 
-# define asctime_r rpl_asctime_r
-# define ctime_r rpl_ctime_r
 # define gmtime_r rpl_gmtime_r
 # define localtime_r rpl_localtime_r
 
 /* See the POSIX:2001 specification
-   <http://www.opengroup.org/susv3xsh/asctime.html>.  */
-char *asctime_r (struct tm const * restrict, char * restrict);
-
-/* See the POSIX:2001 specification
-   <http://www.opengroup.org/susv3xsh/ctime.html>.  */
-char *ctime_r (time_t const *, char *);
-
-/* See the POSIX:2001 specification
    <http://www.opengroup.org/susv3xsh/gmtime.html>.  */
 struct tm *gmtime_r (time_t const * restrict, struct tm * restrict);