From 0bfe708c4b22d901ded1148e5771946568817326 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH 17/65] vmstat: Prevent out-of-bounds writes in new_header()
and diskheader().
This does not happen with the default string (" -----timestamp-----"),
but this string is translated (to unknown lengths).
---
vmstat.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/vmstat.c b/vmstat.c
index 837244a..e0fe5f6 100644
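--- a/vmstat.c
+++ b/vmstat.c
@@ -256,7 +256,10 @@ static void new_header(void)
 (void) time( &the_time );
 tm_ptr = localtime( &the_time );
 if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
- timebuf[strlen(timestamp_header) - 1] = '\0';
+ const size_t len = strlen(timestamp_header);
+ if (len >= 1 && len - 1 < sizeof(timebuf)) {
+ timebuf[len - 1] = '\0';
+ }
 } else {
 timebuf[0] = '\0';
 }
@@ -566,7 +569,10 @@ static void diskheader(void)
 (void) time( &the_time );
 tm_ptr = localtime( &the_time );
 if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
- timebuf[strlen(timestamp_header) - 1] = '\0';
+ const size_t len = strlen(timestamp_header);
+ if (len >= 1 && len - 1 < sizeof(timebuf)) {
+ timebuf[len - 1] = '\0';
+ }
 } else {
 timebuf[0] = '\0';
 }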
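Review bot: The bounds-checked truncation is now duplicated line for line in new_header() and diskheader(), so any later correction has to be made twice and the two copies can drift; a small static helper called as `clip_to_header(timebuf, sizeof(timebuf), timestamp_header);` in both places would keep a single copy of the check. The helper should carry a comment saying that timestamp_header is a translated string, so its length is not bounded by sizeof(timebuf) and may even be zero. When len is 0 the guard skips the write and timebuf keeps the full zone name; if code after these hunks still computes `strlen(timestamp_header) - 1` (not visible here), that expression wraps for an empty translation and would need the same `len >= 1` test. Both function bodies start and end outside the hunks.

```c
/* timestamp_header is translated, so its length is not bounded by the
 * buffer size and may be zero; only cut the text when the cut is in range. */
static void clip_to_header(char *buf, size_t bufsize, const char *header)
{
	const size_t len = strlen(header);

	if (len >= 1 && len - 1 < bufsize) {
		buf[len - 1] = '\0';
	}
}

// … unchanged: time() and localtime() calls in new_header() and diskheader() …
if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
	clip_to_header(timebuf, sizeof(timebuf), timestamp_header);
} else {
```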
--
2.6.4.windows.1