summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Weiss <hweiss@users.sourceforge.net>2007-03-31 18:48:17 (GMT)
committerHolger Weiss <hweiss@users.sourceforge.net>2007-03-31 18:48:17 (GMT)
commitcedc77a0ae4111d96f9d7c8893c11df2a7c9ddee (patch)
treea78d74ba135cfbc80483099e3c9a6079177cf0f7
parenteac5cdc26fd8c5e38690dc242b462e3ff3d68415 (diff)
downloadmonitoring-plugins-cedc77a0ae4111d96f9d7c8893c11df2a7c9ddee.tar.gz
Fix an out-of-bounds memcpy(3) and add a realloc(3) error check in
jitter_request(). git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1666 f882894a-f735-0410-b71e-b25c423dba1c
-rw-r--r--plugins/check_ntp.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index ab23249..9fbdedd 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -506,6 +506,7 @@ double jitter_request(const char *host, int *status){
506 ntp_control_message req; 506 ntp_control_message req;
507 double rval = 0.0, jitter = -1.0; 507 double rval = 0.0, jitter = -1.0;
508 char *startofvalue=NULL, *nptr=NULL; 508 char *startofvalue=NULL, *nptr=NULL;
509 void *tmp;
509 510
510 /* Long-winded explanation: 511 /* Long-winded explanation:
511 * Getting the jitter requires a number of steps: 512 * Getting the jitter requires a number of steps:
@@ -539,8 +540,10 @@ double jitter_request(const char *host, int *status){
539 * we represent as a ntp_assoc_status_pair datatype. 540 * we represent as a ntp_assoc_status_pair datatype.
540 */ 541 */
541 npeers+=(ntohs(req.count)/sizeof(ntp_assoc_status_pair)); 542 npeers+=(ntohs(req.count)/sizeof(ntp_assoc_status_pair));
542 peers=(ntp_assoc_status_pair*)realloc(peers, sizeof(ntp_assoc_status_pair)*npeers); 543 if((tmp=realloc(peers, sizeof(ntp_assoc_status_pair)*npeers)) == NULL)
543 memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, sizeof(ntp_assoc_status_pair)*npeers); 544 free(peers), die(STATE_UNKNOWN, "can not (re)allocate 'peers' buffer\n");
545 peers=tmp;
546 memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, ntohs(req.count));
544 peer_offset+=ntohs(req.count); 547 peer_offset+=ntohs(req.count);
545 } while(req.op&REM_MORE); 548 } while(req.op&REM_MORE);
546 549