author | Thomas Guyot-Sionnest <dermoth@users.sourceforge.net> | 2007-11-09 16:05:48 +0000 |
---|---|---|
committer | Thomas Guyot-Sionnest <dermoth@users.sourceforge.net> | 2007-11-09 16:05:48 +0000 |
commit | d2f758c5ee662e1181b01083bbb50da034f14ad4 (patch) | |
tree | 4da5799eee4e407f1b48e4da553949250f54da73 /plugins | |
parent | 25624346481067be006ccd4a3b07afcf0cbb96ae (diff) | |
download | monitoring-plugins-d2f758c5ee662e1181b01083bbb50da034f14ad4.tar.gz |
Fix check_snmp buffer overflow (CVE-2007-5623)
This patch comes from the Gentoo Portage tree but I couldn't find the author. I sent an email and will give credits when I get an answer.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1814 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_snmp.c | 16 |
1 files changed, 10 insertions, 6 deletions
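--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -226,12 +226,16 @@ main (int argc, char **argv)
 
 ptr = output;
 
-strcat(perfstr, "| ");
+strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
 while (ptr) {
 char *foo;
+unsigned int copylen;
 
 foo = strstr (ptr, delimiter);
-strncat(perfstr, ptr, foo-ptr);
+copylen = foo-ptr;
+if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
+copylen = sizeof(perfstr)-strlen(perfstr)-1;
+strncat(perfstr, ptr, copylen);
 ptr = foo;
 
 if (ptr == NULL)
@@ -364,11 +368,11 @@ main (int argc, char **argv)
 
 i++;
 
-strcat(perfstr, "=");
-strcat(perfstr, show);
+strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
+strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
 if (type)
-strcat(perfstr, type);
-strcat(perfstr, " ");
+strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
 
 } /* end while (ptr) */
 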
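Review bot: In the first hunk `copylen = foo-ptr;` still runs when `strstr` has returned NULL for the last field, because the `ptr == NULL` test comes only after the copy. Subtracting from a null pointer is undefined, and narrowing the result to `unsigned int` can, on a 64-bit build, yield a small value that cuts the final field short instead of a large one that the clamp catches. Declaring `size_t copylen;` and computing `copylen = foo ? (size_t)(foo - ptr) : strlen(ptr);` keeps the clamp meaningful without depending on that arithmetic. Every bound in both hunks is `sizeof(perfstr)-strlen(perfstr)-1`, which is only correct if `perfstr` is a real array in `main`; its declaration is outside the hunks, so that should be confirmed. Truncation is also silent, so the second hunk can emit a label without its `=value`, and a comment such as `/* perfdata is silently truncated once perfstr is full */` would record that.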