summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Lohoff <f@zz.de>2021-02-15 15:34:07 +0100
committerJan Wagner <waja@cyconet.org>2021-04-10 13:43:12 +0200
commit0d504aea51f4835f038ce1943175c943a4b6b1eb (patch)
tree2e5b3934ee205b7faed6a262e4ec6af1a0e7a63e
parente7598ae6377659430f38a5360aeb09d8a26b8e1a (diff)
downloadmonitoring-plugins-0d504aea51f4835f038ce1943175c943a4b6b1eb.tar.gz
Using snprintf which honors the buffers size and guarantees null termination. (Closes: #1601)
As strcpy may overflow the resulting buffer: flo@p5:~$ /tmp/f/usr/lib/nagios/plugins/check_pgsql -d "$(seq 1 10000)" *** buffer overflow detected ***: terminated Aborted I would propose to change the code rather like this, using snprintf which honors the buffers size and guarantees null termination.
-rw-r--r--plugins/check_pgsql.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 11ce6916..b8fc5f1d 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -347,7 +347,7 @@ process_arguments (int argc, char **argv)
347 if (!is_pg_dbname (optarg)) /* checks length and valid chars */ 347 if (!is_pg_dbname (optarg)) /* checks length and valid chars */
348 usage2 (_("Database name is not valid"), optarg); 348 usage2 (_("Database name is not valid"), optarg);
349 else /* we know length, and know optarg is terminated, so us strcpy */ 349 else /* we know length, and know optarg is terminated, so us strcpy */
350 strcpy (dbName, optarg); 350 snprintf(dbName, NAMEDATALEN, "%s", optarg);
351 break; 351 break;
352 case 'l': /* login name */ 352 case 'l': /* login name */
353 if (!is_pg_logname (optarg)) 353 if (!is_pg_logname (optarg))