summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorThomas Guyot-Sionnest <dermoth@users.sourceforge.net>2007-11-09 16:05:48 +0000
committerThomas Guyot-Sionnest <dermoth@users.sourceforge.net>2007-11-09 16:05:48 +0000
commitd2f758c5ee662e1181b01083bbb50da034f14ad4 (patch)
tree4da5799eee4e407f1b48e4da553949250f54da73 /plugins
parent25624346481067be006ccd4a3b07afcf0cbb96ae (diff)
downloadmonitoring-plugins-d2f758c5ee662e1181b01083bbb50da034f14ad4.tar.gz
Fix check_snmp buffer overflow (CVE-2007-5623)
This patch comes from the Gentoo Portage tree but I couldn't find the author. I sent an email and will give credits when I get an answer. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1814 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_snmp.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 3f9a03d2..9fa4a60b 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -226,12 +226,16 @@ main (int argc, char **argv)
226 226
227 ptr = output; 227 ptr = output;
228 228
229 strcat(perfstr, "| "); 229 strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
230 while (ptr) { 230 while (ptr) {
231 char *foo; 231 char *foo;
232 unsigned int copylen;
232 233
233 foo = strstr (ptr, delimiter); 234 foo = strstr (ptr, delimiter);
234 strncat(perfstr, ptr, foo-ptr); 235 copylen = foo-ptr;
236 if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
237 copylen = sizeof(perfstr)-strlen(perfstr)-1;
238 strncat(perfstr, ptr, copylen);
235 ptr = foo; 239 ptr = foo;
236 240
237 if (ptr == NULL) 241 if (ptr == NULL)
@@ -364,11 +368,11 @@ main (int argc, char **argv)
364 368
365 i++; 369 i++;
366 370
367 strcat(perfstr, "="); 371 strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
368 strcat(perfstr, show); 372 strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
369 if (type) 373 if (type)
370 strcat(perfstr, type); 374 strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
371 strcat(perfstr, " "); 375 strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
372 376
373 } /* end while (ptr) */ 377 } /* end while (ptr) */
374 378