From 00ab5f0b32a0e137874cb5830bc0b2ed41ff1cde Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/whattime.c: Always initialize buf.

In the human_readable case; otherwise the strcat() that follows may
append bytes to the previous contents of buf.

Also, slightly enlarge buf, as it was a bit too tight.

Could also replace all sprintf()s with snprintf()s, but all the calls
here output a limited number of characters, so they should be safe.
---
 proc/whattime.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/proc/whattime.c b/proc/whattime.c
index f55f3636..c223cad6 100644
--- a/proc/whattime.c
+++ b/proc/whattime.c
@@ -38,7 +38,7 @@
 #include "whattime.h"
 #include "sysinfo.h"
 
-static char buf[128];
+static char buf[256];
 static double av[3];
 
 char *sprint_uptime(int human_readable) {
@@ -60,6 +60,7 @@ char *sprint_uptime(int human_readable) {
       realtime->tm_hour, realtime->tm_min, realtime->tm_sec);
   } else {
     pos = 0;
+    buf[0] = '\0';
   }
 
 /* read and calculate the amount of uptime */