movemail: don't dump core if the current time is outlandish

* movemail.c (popmail): Check for mbx_delimit_begin failure.
(mbx_delimit_begin): Fail if the current time is so outlandish
that localtime would fail or asctime would have undefined
behavior.  Use strftime to avoid asctime undefined behavior.

lib-src/ChangeLog

@@ -1,3 +1,11 @@
+2014-09-23  Paul Eggert  <eggert@cs.ucla.edu>
+
+	movemail: don't dump core if the current time is outlandish
+	* movemail.c (popmail): Check for mbx_delimit_begin failure.
+	(mbx_delimit_begin): Fail if the current time is so outlandish
+	that localtime would fail or asctime would have undefined
+	behavior.  Use strftime to avoid asctime undefined behavior.
+
 2014-09-01  Paul Eggert  <eggert@cs.ucla.edu>
 
 	--enable-silent-rules now suppresses more chatter.

lib-src/movemail.c

@@ -714,8 +714,8 @@ popmail (char *mailbox, char *outfile, int preserve, char *password, int reverse
 
   for (i = start; i * increment <= end * increment; i += increment)
     {
-      mbx_delimit_begin (mbf);
-      if (pop_retr (server, i, mbf) != OK)
+      if (mbx_delimit_begin (mbf) != OK
+	  || pop_retr (server, i, mbf) != OK)
 	{
 	  error ("%s", Errmsg, 0);
 	  close (mbfi);
@@ -832,15 +832,15 @@ mbx_write (char *line, int len, FILE *mbf)
 static int
 mbx_delimit_begin (FILE *mbf)
 {
-  time_t now;
-  struct tm *ltime;
-  char fromline[40] = "From movemail ";
-
-  now = time (NULL);
-  ltime = localtime (&now);
-
-  strcat (fromline, asctime (ltime));
+  time_t now = time (NULL);
+  struct tm *ltime = localtime (&now);
+  if (!ltime)
+    return NOTOK;
 
+  char fromline[100];
+  if (! strftime (fromline, sizeof fromline,
+		  "From movemail %a %b %e %T %Y\n", ltime))
+    return NOTOK;
   if (fputs (fromline, mbf) == EOF)
     return (NOTOK);
   return (OK);