From aca26df5017a047cb50b04f067464a89c518d91b Mon Sep 17 00:00:00 2001 From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 Subject: [PATCH] 0124-vmstat: Check return values of localtime() and strftime(). Otherwise it leads to NULL-pointer dereferences (in case of localtime() errors) and indeterminate contents of timebuf (in case of strftime() errors). Signed-off-by: Craig Small --- vmstat.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/vmstat.c b/vmstat.c index c08349b9..6eaf7366 100644 --- a/vmstat.c +++ b/vmstat.c @@ -302,7 +302,7 @@ static void new_header(void) if (t_option) { (void) time( &the_time ); tm_ptr = localtime( &the_time ); - if (strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) { + if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) { timebuf[strlen(timestamp_header) - 1] = '\0'; } else { timebuf[0] = '\0'; @@ -365,7 +365,11 @@ static void new_format(void) if (t_option) { (void) time( &the_time ); tm_ptr = localtime( &the_time ); - strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr); + if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) { + ; + } else { + timebuf[0] = '\0'; + } } /* Do the initial fill */ if (!(stat_stack = procps_stat_select(stat_info, First_stat_items, MAX_stat))) @@ -440,7 +444,11 @@ static void new_format(void) if (t_option) { (void) time( &the_time ); tm_ptr = localtime( &the_time ); - strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr); + if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) { + ; + } else { + timebuf[0] = '\0'; + } } /* idle can run backwards for a moment -- kernel "feature" */ @@ -608,7 +616,7 @@ static void diskheader(void) if (t_option) { (void) time( &the_time ); tm_ptr = localtime( &the_time ); - if (strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) { + if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) { timebuf[strlen(timestamp_header) - 1] = '\0'; } else { timebuf[0] = '\0'; @@ -643,7 +651,11 @@ static void diskformat(void) if (t_option) { (void) time( &the_time ); tm_ptr = localtime( &the_time ); - strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr); + if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm_ptr)) { + ; + } else { + timebuf[0] = '\0'; + } } for (j = 0; j < reap->total; j++) { if (diskVAL(disk_TYPE, s_int) != DISKSTATS_TYPE_DISK) -- 2.40.0