proc/whattime.c: Always initialize buf.

In the human_readable case; otherwise the strcat() that follows may
append bytes to the previous contents of buf.

Also, slightly enlarge buf, as it was a bit too tight.

Could also replace all sprintf()s with snprintf()s, but all the calls
here output a limited number of characters, so they should be safe.
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 7382ac88d5
commit 00ab5f0b32

View File

@ -38,7 +38,7 @@
#include "whattime.h" #include "whattime.h"
#include "sysinfo.h" #include "sysinfo.h"
static char buf[128]; static char buf[256];
static double av[3]; static double av[3];
char *sprint_uptime(int human_readable) { char *sprint_uptime(int human_readable) {
@ -60,6 +60,7 @@ char *sprint_uptime(int human_readable) {
realtime->tm_hour, realtime->tm_min, realtime->tm_sec); realtime->tm_hour, realtime->tm_min, realtime->tm_sec);
} else { } else {
pos = 0; pos = 0;
buf[0] = '\0';
} }
/* read and calculate the amount of uptime */ /* read and calculate the amount of uptime */