From 00ab5f0b32a0e137874cb5830bc0b2ed41ff1cde Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/whattime.c: Always initialize buf. In the human_readable case; otherwise the strcat() that follows may append bytes to the previous contents of buf. Also, slightly enlarge buf, as it was a bit too tight. Could also replace all sprintf()s with snprintf()s, but all the calls here output a limited number of characters, so they should be safe.
---
 proc/whattime.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/proc/whattime.c b/proc/whattime.c
index f55f3636..c223cad6 100644
--- a/proc/whattime.c
+++ b/proc/whattime.c
@@ -38,7 +38,7 @@
 #include "whattime.h"
 #include "sysinfo.h"
-static char buf[128];
+static char buf[256];
 static double av[3];
 char *sprint_uptime(int human_readable) {
@@ -60,6 +60,7 @@ char *sprint_uptime(int human_readable) {
 realtime->tm_hour, realtime->tm_min, realtime->tm_sec);
 } else {
 pos = 0;
+ buf[0] = '\0';
 }
 /* read and calculate the amount of uptime */
--
2.40.0
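Review bot: The enlarged `static char buf[256];` still carries no record of why 256 is enough. The commit message says the writers remain unbounded sprintf()/strcat() calls, so the array size is the only thing keeping a longer-than-expected field from overflowing a static buffer. I would document the assumption at the declaration, e.g. `/* sized for the longest sprint_uptime() string; writers use unbounded sprintf()/strcat(), re-check on any format change */`. The writes themselves are outside this hunk, so the worst-case length cannot be confirmed from the visible lines. Switching them to snprintf() with `sizeof buf` would turn the assumption into an enforced bound.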
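Review bot: The added `buf[0] = '\0';` in the else branch has no comment explaining why the reset is needed. buf is a file-scope static, so it still holds the previous call's text when the strcat() mentioned in the commit message appends to it. A one-line comment such as `/* buf is static: drop the previous call's string before strcat() appends */` would stop a later cleanup from removing it as redundant next to `pos = 0;`. sprint_uptime() starts before and continues after this hunk, so the strcat() call itself is not visible here.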