summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobin Sonefors <robin.sonefors@op5.com>2013-01-23 19:10:55 +0100
committerSven Nierlein <sven@nierlein.de>2013-01-23 19:52:24 +0100
commit77eba263610bb9f85fa9fadf0df39b15bc1919ff (patch)
treed5415131a0a989edad83195b666dcb0d77163036
parent1845c4cdf98fe9cf4bc95b6e11ae94cec1dcd4cc (diff)
downloadmonitoring-plugins-77eba263610bb9f85fa9fadf0df39b15bc1919ff.tar.gz
check_snmp: Don't thrash memory when using multiple label/unit argument
The memory allocation mixed up number of bytes with number of pointers, meaning as soon as we'd reach (on 64 bit systems) the second argument, we'd start writing it outside of our allocated memory. Normally, this isn't too visible, but as soon as you (again, on my 64 bit system) reach argument number 8, you get a segfault. It is easily reproducible with: check_snmp -o '' -l '' -o '' -l '' -o '' -l '' -o '' -l '' \ -o '' -l '' -o '' -l '' -o '' -l '' -o '' -l '' This patch allocates the proper amount of memory, to fix the issue. Signed-off-by: Robin Sonefors <robin.sonefors@op5.com>
-rw-r--r--plugins/check_snmp.c22
1 files changed, 11 insertions, 11 deletions
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 8a8ee180..7c5d0ec5 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -200,8 +200,8 @@ main (int argc, char **argv)
200 bindtextdomain (PACKAGE, LOCALEDIR); 200 bindtextdomain (PACKAGE, LOCALEDIR);
201 textdomain (PACKAGE); 201 textdomain (PACKAGE);
202 202
203 labels = malloc (labels_size); 203 labels = malloc (labels_size * sizeof(*labels));
204 unitv = malloc (unitv_size); 204 unitv = malloc (unitv_size * sizeof(*unitv));
205 for (i = 0; i < MAX_OIDS; i++) 205 for (i = 0; i < MAX_OIDS; i++)
206 eval_method[i] = CHECK_UNDEF; 206 eval_method[i] = CHECK_UNDEF;
207 207
@@ -768,9 +768,9 @@ process_arguments (int argc, char **argv)
768 break; 768 break;
769 case 'l': /* label */ 769 case 'l': /* label */
770 nlabels++; 770 nlabels++;
771 if (nlabels >= labels_size) { 771 if (nlabels > labels_size) {
772 labels_size += 8; 772 labels_size += 8;
773 labels = realloc (labels, labels_size); 773 labels = realloc (labels, labels_size * sizeof(*labels));
774 if (labels == NULL) 774 if (labels == NULL)
775 die (STATE_UNKNOWN, _("Could not reallocate labels[%d]"), (int)nlabels); 775 die (STATE_UNKNOWN, _("Could not reallocate labels[%d]"), (int)nlabels);
776 } 776 }
@@ -780,13 +780,13 @@ process_arguments (int argc, char **argv)
780 if (ptr[0] == '\'') 780 if (ptr[0] == '\'')
781 labels[nlabels - 1] = ptr + 1; 781 labels[nlabels - 1] = ptr + 1;
782 while (ptr && (ptr = nextarg (ptr))) { 782 while (ptr && (ptr = nextarg (ptr))) {
783 if (nlabels >= labels_size) { 783 nlabels++;
784 if (nlabels > labels_size) {
784 labels_size += 8; 785 labels_size += 8;
785 labels = realloc (labels, labels_size); 786 labels = realloc (labels, labels_size * sizeof(*labels));
786 if (labels == NULL) 787 if (labels == NULL)
787 die (STATE_UNKNOWN, _("Could not reallocate labels\n")); 788 die (STATE_UNKNOWN, _("Could not reallocate labels\n"));
788 } 789 }
789 nlabels++;
790 ptr = thisarg (ptr); 790 ptr = thisarg (ptr);
791 if (ptr[0] == '\'') 791 if (ptr[0] == '\'')
792 labels[nlabels - 1] = ptr + 1; 792 labels[nlabels - 1] = ptr + 1;
@@ -797,9 +797,9 @@ process_arguments (int argc, char **argv)
797 case 'u': /* units */ 797 case 'u': /* units */
798 units = optarg; 798 units = optarg;
799 nunits++; 799 nunits++;
800 if (nunits >= unitv_size) { 800 if (nunits > unitv_size) {
801 unitv_size += 8; 801 unitv_size += 8;
802 unitv = realloc (unitv, unitv_size); 802 unitv = realloc (unitv, unitv_size * sizeof(*unitv));
803 if (unitv == NULL) 803 if (unitv == NULL)
804 die (STATE_UNKNOWN, _("Could not reallocate units [%d]\n"), (int)nunits); 804 die (STATE_UNKNOWN, _("Could not reallocate units [%d]\n"), (int)nunits);
805 } 805 }
@@ -809,9 +809,9 @@ process_arguments (int argc, char **argv)
809 if (ptr[0] == '\'') 809 if (ptr[0] == '\'')
810 unitv[nunits - 1] = ptr + 1; 810 unitv[nunits - 1] = ptr + 1;
811 while (ptr && (ptr = nextarg (ptr))) { 811 while (ptr && (ptr = nextarg (ptr))) {
812 if (nunits >= unitv_size) { 812 if (nunits > unitv_size) {
813 unitv_size += 8; 813 unitv_size += 8;
814 unitv = realloc (unitv, unitv_size); 814 unitv = realloc (unitv, unitv_size * sizeof(*unitv));
815 if (units == NULL) 815 if (units == NULL)
816 die (STATE_UNKNOWN, _("Could not realloc() units\n")); 816 die (STATE_UNKNOWN, _("Could not realloc() units\n"));
817 } 817 }