From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000) Subject: proc/sysinfo.c: Ensure null-termination in getstat(). X-Git-Tag: v3.3.15~74 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=920b0ada70e9c3137505c2645c67f4f63dc79c50;p=procps-ng proc/sysinfo.c: Ensure null-termination in getstat(). There was a "buff[BUFFSIZE-1] = 0;" but there may be garbage between what is read() (less than BUFFSIZE-1 bytes) and this null byte. Reuse the construct from the preceding getrunners(). --- diff --git a/proc/sysinfo.c b/proc/sysinfo.c index 42646942..4b2090be 100644 --- a/proc/sysinfo.c +++ b/proc/sysinfo.c @@ -524,7 +524,7 @@ void getstat(jiff *restrict cuse, jiff *restrict cice, jiff *restrict csys, jiff int need_vmstat_file = 0; int need_proc_scan = 0; const char* b; - buff[BUFFSIZE-1] = 0; /* ensure null termination in buffer */ + memset(buff, '\0', BUFFSIZE); /* ensure null termination in buffer */ if(fd){ lseek(fd, 0L, SEEK_SET);
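Review bot: On the added `memset(buff, '\0', BUFFSIZE);` line in getstat(), the buffer is only guaranteed to be terminated if the later read() is limited to at most BUFFSIZE-1 bytes and runs after this memset. That read is not visible in the hunk, so the bound should be confirmed or stated in the commit message. A more direct fix is to terminate at the length read() actually returned, after checking that the return value is not negative, for example `buff[n] = '\0';`. That avoids clearing the whole buffer on every call and does not rely on pre-zeroing. If the memset stays, the trailing comment should be updated: it still reads "ensure null termination in buffer", while the line's real purpose, per the commit message, is to clear the garbage between the bytes read and the end of the buffer.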