procps-ng/vmstat-Check-return-values-of-localtime-and-strftime.patch

From 0b55f0dc80e886d43c2e966000e6d56c6535cdb0 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH 16/65] vmstat: Check return values of localtime() and
 strftime().

Otherwise it leads to NULL-pointer dereferences (in case of localtime()
errors) and indeterminate contents of timebuf (in case of strftime()
errors).
---
 vmstat.c | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/vmstat.c b/vmstat.c
index c5f6d62..837244a 100644
--- a/vmstat.c
+++ b/vmstat.c
@@ -255,7 +255,7 @@ static void new_header(void)
 	if (t_option) {
 		(void) time( &the_time );
 		tm_ptr = localtime( &the_time );
-		if (strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
+		if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
 			timebuf[strlen(timestamp_header) - 1] = '\0';
 		} else {
 			timebuf[0] = '\0';
@@ -307,7 +307,11 @@ static void new_format(void)
 	if (t_option) {
 		(void) time( &the_time );
 		tm_ptr = localtime( &the_time );
-		strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr);
+		if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) {
+			;
+		} else {
+			timebuf[0] = '\0';
+		}
 	}
 
 	duse = *cpu_use + *cpu_nic;
@@ -360,7 +364,11 @@ static void new_format(void)
 		if (t_option) {
 			(void) time( &the_time );
 			tm_ptr = localtime( &the_time );
-			strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr);
+			if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) {
+				;
+			} else {
+				timebuf[0] = '\0';
+			}
 		}
 
 		duse =
@@ -557,7 +565,7 @@ static void diskheader(void)
 	if (t_option) {
 		(void) time( &the_time );
 		tm_ptr = localtime( &the_time );
-		if (strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
+		if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
 			timebuf[strlen(timestamp_header) - 1] = '\0';
 		} else {
 			timebuf[0] = '\0';
@@ -591,7 +599,11 @@ static void diskformat(void)
 		if (t_option) {
 			(void) time( &the_time );
 			tm_ptr = localtime( &the_time );
-			strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr);
+			if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) {
+				;
+			} else {
+				timebuf[0] = '\0';
+			}
 		}
 
 		if (!moreheaders)
@@ -630,7 +642,11 @@ static void diskformat(void)
 			if (t_option) {
 				(void) time( &the_time );
 				tm_ptr = localtime( &the_time );
-				strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr);
+				if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) {
+					;
+				} else {
+					timebuf[0] = '\0';
+				}
 			}
 
 			for (i = 0; i < ndisks; i++, k++) {
-- 
2.6.4.windows.1
Package init 2019-12-25 17:13:31 +08:00			`From 0b55f0dc80e886d43c2e966000e6d56c6535cdb0 Mon Sep 17 00:00:00 2001`
			`From: Qualys Security Advisory <qsa@qualys.com>`
			`Date: Thu, 1 Jan 1970 00:00:00 +0000`
			`Subject: [PATCH 16/65] vmstat: Check return values of localtime() and`
			`strftime().`

			`Otherwise it leads to NULL-pointer dereferences (in case of localtime()`
			`errors) and indeterminate contents of timebuf (in case of strftime()`
			`errors).`
			`---`
			`vmstat.c \| 28 ++++++++++++++++++++++------`
			`1 file changed, 22 insertions(+), 6 deletions(-)`

			`diff --git a/vmstat.c b/vmstat.c`
			`index c5f6d62..837244a 100644`
			`--- a/vmstat.c`
			`+++ b/vmstat.c`
			`@@ -255,7 +255,7 @@ static void new_header(void)`
			`if (t_option) {`
			`(void) time( &the_time );`
			`tm_ptr = localtime( &the_time );`
			`- if (strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {`
			`+ if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {`
			`timebuf[strlen(timestamp_header) - 1] = '\0';`
			`} else {`
			`timebuf[0] = '\0';`
			`@@ -307,7 +307,11 @@ static void new_format(void)`
			`if (t_option) {`
			`(void) time( &the_time );`
			`tm_ptr = localtime( &the_time );`
			`- strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr);`
			`+ if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) {`
			`+ ;`
			`+ } else {`
			`+ timebuf[0] = '\0';`
			`+ }`
			`}`

			`duse = cpu_use + cpu_nic;`
			`@@ -360,7 +364,11 @@ static void new_format(void)`
			`if (t_option) {`
			`(void) time( &the_time );`
			`tm_ptr = localtime( &the_time );`
			`- strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr);`
			`+ if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) {`
			`+ ;`
			`+ } else {`
			`+ timebuf[0] = '\0';`
			`+ }`
			`}`

			`duse =`
			`@@ -557,7 +565,7 @@ static void diskheader(void)`
			`if (t_option) {`
			`(void) time( &the_time );`
			`tm_ptr = localtime( &the_time );`
			`- if (strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {`
			`+ if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {`
			`timebuf[strlen(timestamp_header) - 1] = '\0';`
			`} else {`
			`timebuf[0] = '\0';`
			`@@ -591,7 +599,11 @@ static void diskformat(void)`
			`if (t_option) {`
			`(void) time( &the_time );`
			`tm_ptr = localtime( &the_time );`
			`- strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr);`
			`+ if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) {`
			`+ ;`
			`+ } else {`
			`+ timebuf[0] = '\0';`
			`+ }`
			`}`

			`if (!moreheaders)`
			`@@ -630,7 +642,11 @@ static void diskformat(void)`
			`if (t_option) {`
			`(void) time( &the_time );`
			`tm_ptr = localtime( &the_time );`
			`- strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr);`
			`+ if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) {`
			`+ ;`
			`+ } else {`
			`+ timebuf[0] = '\0';`
			`+ }`
			`}`

			`for (i = 0; i < ndisks; i++, k++) {`
			`--`
			`2.6.4.windows.1`