0125-vmstat: Prevent out-of-bounds writes in new_header() and diskheader().

This does not happen with the default string (" -----timestamp-----"),
but this string is translated (to unknown lengths).

Signed-off-by: Craig Small <csmall@enc.com.au>
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent aca26df501
commit 7e55bff63b


@ -303,7 +303,10 @@ static void new_header(void)
(void) time( &the_time ); (void) time( &the_time );
tm_ptr = localtime( &the_time ); tm_ptr = localtime( &the_time );
if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) { if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
timebuf[strlen(timestamp_header) - 1] = '\0'; const size_t len = strlen(timestamp_header);
if (len >= 1 && len - 1 < sizeof(timebuf)) {
timebuf[len - 1] = '\0';
}
} else { } else {
timebuf[0] = '\0'; timebuf[0] = '\0';
} }
@ -617,7 +620,10 @@ static void diskheader(void)
(void) time( &the_time ); (void) time( &the_time );
tm_ptr = localtime( &the_time ); tm_ptr = localtime( &the_time );
if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) { if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
timebuf[strlen(timestamp_header) - 1] = '\0'; const size_t len = strlen(timestamp_header);
if (len >= 1 && len - 1 < sizeof(timebuf)) {
timebuf[len - 1] = '\0';
}
} else { } else {
timebuf[0] = '\0'; timebuf[0] = '\0';
} }
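Review bot: The same four-line guard is added verbatim in new_header() and again in diskheader(), so the bounds logic now lives in two places that have to be kept in step; a small static helper taking the buffer, its size and the header length would keep it in one spot. A one-line comment above the check, such as `/* timestamp_header is translated, so its length is not bounded by sizeof(timebuf) */`, would record why the test exists. `sizeof(timebuf)` is the right bound only if timebuf is an array in both functions, which these hunks do not show, and both function bodies continue outside them. Since `len` is a byte count, truncating at `len - 1` could presumably also split a multibyte zone name in a non-ASCII locale, which is worth confirming against how the header width is computed.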