[monitoring-plugins] plugins-root/check_dhcp.c - array out of bounds

Jan Wagner git at monitoring-plugins.org
Sat Jun 28 22:20:08 CEST 2014

Previous message: [monitoring-plugins] plugins/check_http.c - leakage fix
Next message: [monitoring-plugins] plugins/negate.c - Reorder if statement, aiob
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Module: monitoring-plugins
    Branch: master
    Commit: e7e6edb2f8e43085d02cdda93fe16256ab3a35fe
    Author: Spenser Reinhardt <sreinhardt at nagios.com>
 Committer: Jan Wagner <waja at cyconet.org>
      Date: Sun Jun 22 16:02:19 2014 -0500
       URL: https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=e7e6edb

plugins-root/check_dhcp.c - array out of bounds

Coverity 66488 - offer_packet->options has a max size of 312. It was being used in a loop verifying less than 311, but increasing by 2 per loop, causing a possible array index out of bounds. Changed to checking less than max length - 1. - SR

---

 plugins-root/check_dhcp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c
index 1ec5c39..b69a10d 100644
--- a/plugins-root/check_dhcp.c
+++ b/plugins-root/check_dhcp.c
@@ -837,7 +837,7 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){
 		return ERROR;
 
 	/* process all DHCP options present in the packet */
-	for(x=4;x<MAX_DHCP_OPTIONS_LENGTH;){
+	for(x=4;x<MAX_DHCP_OPTIONS_LENGTH-1;){
 
 		if((int)offer_packet->options[x]==-1)
 			break;

Previous message: [monitoring-plugins] plugins/check_http.c - leakage fix
Next message: [monitoring-plugins] plugins/negate.c - Reorder if statement, aiob
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list