diff options
author | Robin Sonefors <robin.sonefors@op5.com> | 2013-01-23 19:10:55 +0100 |
---|---|---|
committer | Sven Nierlein <sven@nierlein.de> | 2013-01-23 19:52:24 +0100 |
commit | 77eba263610bb9f85fa9fadf0df39b15bc1919ff (patch) | |
tree | d5415131a0a989edad83195b666dcb0d77163036 | |
parent | 1845c4cdf98fe9cf4bc95b6e11ae94cec1dcd4cc (diff) | |
download | monitoring-plugins-77eba263610bb9f85fa9fadf0df39b15bc1919ff.tar.gz |
check_snmp: Don't thrash memory when using multiple label/unit argument
The memory allocation mixed up number of bytes with number of pointers,
meaning as soon as we'd reach (on 64 bit systems) the second argument,
we'd start writing it outside of our allocated memory.
Normally, this isn't too visible, but as soon as you (again, on my 64
bit system) reach argument number 8, you get a segfault. It is easily
reproducible with:
check_snmp -o '' -l '' -o '' -l '' -o '' -l '' -o '' -l '' \
-o '' -l '' -o '' -l '' -o '' -l '' -o '' -l ''
This patch allocates the proper amount of memory, to fix the issue.
Signed-off-by: Robin Sonefors <robin.sonefors@op5.com>
-rw-r--r-- | plugins/check_snmp.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 8a8ee180..7c5d0ec5 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c | |||
@@ -200,8 +200,8 @@ main (int argc, char **argv) | |||
200 | bindtextdomain (PACKAGE, LOCALEDIR); | 200 | bindtextdomain (PACKAGE, LOCALEDIR); |
201 | textdomain (PACKAGE); | 201 | textdomain (PACKAGE); |
202 | 202 | ||
203 | labels = malloc (labels_size); | 203 | labels = malloc (labels_size * sizeof(*labels)); |
204 | unitv = malloc (unitv_size); | 204 | unitv = malloc (unitv_size * sizeof(*unitv)); |
205 | for (i = 0; i < MAX_OIDS; i++) | 205 | for (i = 0; i < MAX_OIDS; i++) |
206 | eval_method[i] = CHECK_UNDEF; | 206 | eval_method[i] = CHECK_UNDEF; |
207 | 207 | ||
@@ -768,9 +768,9 @@ process_arguments (int argc, char **argv) | |||
768 | break; | 768 | break; |
769 | case 'l': /* label */ | 769 | case 'l': /* label */ |
770 | nlabels++; | 770 | nlabels++; |
771 | if (nlabels >= labels_size) { | 771 | if (nlabels > labels_size) { |
772 | labels_size += 8; | 772 | labels_size += 8; |
773 | labels = realloc (labels, labels_size); | 773 | labels = realloc (labels, labels_size * sizeof(*labels)); |
774 | if (labels == NULL) | 774 | if (labels == NULL) |
775 | die (STATE_UNKNOWN, _("Could not reallocate labels[%d]"), (int)nlabels); | 775 | die (STATE_UNKNOWN, _("Could not reallocate labels[%d]"), (int)nlabels); |
776 | } | 776 | } |
@@ -780,13 +780,13 @@ process_arguments (int argc, char **argv) | |||
780 | if (ptr[0] == '\'') | 780 | if (ptr[0] == '\'') |
781 | labels[nlabels - 1] = ptr + 1; | 781 | labels[nlabels - 1] = ptr + 1; |
782 | while (ptr && (ptr = nextarg (ptr))) { | 782 | while (ptr && (ptr = nextarg (ptr))) { |
783 | if (nlabels >= labels_size) { | 783 | nlabels++; |
784 | if (nlabels > labels_size) { | ||
784 | labels_size += 8; | 785 | labels_size += 8; |
785 | labels = realloc (labels, labels_size); | 786 | labels = realloc (labels, labels_size * sizeof(*labels)); |
786 | if (labels == NULL) | 787 | if (labels == NULL) |
787 | die (STATE_UNKNOWN, _("Could not reallocate labels\n")); | 788 | die (STATE_UNKNOWN, _("Could not reallocate labels\n")); |
788 | } | 789 | } |
789 | nlabels++; | ||
790 | ptr = thisarg (ptr); | 790 | ptr = thisarg (ptr); |
791 | if (ptr[0] == '\'') | 791 | if (ptr[0] == '\'') |
792 | labels[nlabels - 1] = ptr + 1; | 792 | labels[nlabels - 1] = ptr + 1; |
@@ -797,9 +797,9 @@ process_arguments (int argc, char **argv) | |||
797 | case 'u': /* units */ | 797 | case 'u': /* units */ |
798 | units = optarg; | 798 | units = optarg; |
799 | nunits++; | 799 | nunits++; |
800 | if (nunits >= unitv_size) { | 800 | if (nunits > unitv_size) { |
801 | unitv_size += 8; | 801 | unitv_size += 8; |
802 | unitv = realloc (unitv, unitv_size); | 802 | unitv = realloc (unitv, unitv_size * sizeof(*unitv)); |
803 | if (unitv == NULL) | 803 | if (unitv == NULL) |
804 | die (STATE_UNKNOWN, _("Could not reallocate units [%d]\n"), (int)nunits); | 804 | die (STATE_UNKNOWN, _("Could not reallocate units [%d]\n"), (int)nunits); |
805 | } | 805 | } |
@@ -809,9 +809,9 @@ process_arguments (int argc, char **argv) | |||
809 | if (ptr[0] == '\'') | 809 | if (ptr[0] == '\'') |
810 | unitv[nunits - 1] = ptr + 1; | 810 | unitv[nunits - 1] = ptr + 1; |
811 | while (ptr && (ptr = nextarg (ptr))) { | 811 | while (ptr && (ptr = nextarg (ptr))) { |
812 | if (nunits >= unitv_size) { | 812 | if (nunits > unitv_size) { |
813 | unitv_size += 8; | 813 | unitv_size += 8; |
814 | unitv = realloc (unitv, unitv_size); | 814 | unitv = realloc (unitv, unitv_size * sizeof(*unitv)); |
815 | if (units == NULL) | 815 | if (units == NULL) |
816 | die (STATE_UNKNOWN, _("Could not realloc() units\n")); | 816 | die (STATE_UNKNOWN, _("Could not realloc() units\n")); |
817 | } | 817 | } |