From 7e55bff63b07e203def50eb21da8b90f6e9b6c39 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0125-vmstat: Prevent out-of-bounds writes in new_header() and diskheader().
This does not happen with the default string (" -----timestamp-----"), but this string is translated (to unknown lengths).
Signed-off-by: Craig Small
---
 vmstat.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/vmstat.c b/vmstat.c
index 6eaf7366..b46812a2 100644
--- a/vmstat.c
+++ b/vmstat.c
@@ -303,7 +303,10 @@ static void new_header(void)
 (void) time( &the_time );
 tm_ptr = localtime( &the_time );
 if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
- timebuf[strlen(timestamp_header) - 1] = '\0';
+ const size_t len = strlen(timestamp_header);
+ if (len >= 1 && len - 1 < sizeof(timebuf)) {
+ timebuf[len - 1] = '\0';
+ }
 } else {
 timebuf[0] = '\0';
 }
@@ -617,7 +620,10 @@ static void diskheader(void)
 (void) time( &the_time );
 tm_ptr = localtime( &the_time );
 if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
- timebuf[strlen(timestamp_header) - 1] = '\0';
+ const size_t len = strlen(timestamp_header);
+ if (len >= 1 && len - 1 < sizeof(timebuf)) {
+ timebuf[len - 1] = '\0';
+ }
 } else {
 timebuf[0] = '\0';
 }
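Review bot: The four-line bounds guard is pasted identically into new_header() (hunk at -303) and diskheader() (hunk at -617), the same two places that carried the unchecked `timebuf[strlen(timestamp_header) - 1] = '\0';` write; a small static helper would keep the check in one place so the two copies cannot drift apart. When `len - 1 >= sizeof(timebuf)` the truncation is skipped, which is safe only because the successful strftime() call has already NUL-terminated the string inside the buffer, and a short comment saying so would stop a later reader from "simplifying" the condition. Both function bodies start and end outside the hunks, so any other use of `strlen(timestamp_header) - 1` further down (not visible here) should be checked for the same `len == 0` wraparound. `strlen` counts bytes rather than display columns, so with a translated header in a multibyte locale the cut point may not match the printed width; this is presumably acceptable but worth confirming.

```c
/* Clip a strftime() result to the timestamp column. If the header is longer
 * than the buffer nothing is cut: strftime() already terminated the string. */
static void clip_to_header(char *buf, size_t bufsize, const char *header)
{
    const size_t len = strlen(header);
    if (len >= 1 && len - 1 < bufsize) {
        buf[len - 1] = '\0';
    }
}

/* … unchanged: time()/localtime() calls in new_header() and diskheader() … */
if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
    clip_to_header(timebuf, sizeof(timebuf), timestamp_header);
} else {
```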