diff options
author | Holger Weiss <hweiss@users.sourceforge.net> | 2007-03-31 18:48:17 +0000 |
---|---|---|
committer | Holger Weiss <hweiss@users.sourceforge.net> | 2007-03-31 18:48:17 +0000 |
commit | cedc77a0ae4111d96f9d7c8893c11df2a7c9ddee (patch) | |
tree | a78d74ba135cfbc80483099e3c9a6079177cf0f7 /plugins | |
parent | eac5cdc26fd8c5e38690dc242b462e3ff3d68415 (diff) | |
download | monitoring-plugins-cedc77a0ae4111d96f9d7c8893c11df2a7c9ddee.tar.gz |
Fix an out-of-bounds memcpy(3) and add a realloc(3) error check in
jitter_request().
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1666 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_ntp.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index ab23249e..9fbdedd6 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c | |||
@@ -506,6 +506,7 @@ double jitter_request(const char *host, int *status){ | |||
506 | ntp_control_message req; | 506 | ntp_control_message req; |
507 | double rval = 0.0, jitter = -1.0; | 507 | double rval = 0.0, jitter = -1.0; |
508 | char *startofvalue=NULL, *nptr=NULL; | 508 | char *startofvalue=NULL, *nptr=NULL; |
509 | void *tmp; | ||
509 | 510 | ||
510 | /* Long-winded explanation: | 511 | /* Long-winded explanation: |
511 | * Getting the jitter requires a number of steps: | 512 | * Getting the jitter requires a number of steps: |
@@ -539,8 +540,10 @@ double jitter_request(const char *host, int *status){ | |||
539 | * we represent as a ntp_assoc_status_pair datatype. | 540 | * we represent as a ntp_assoc_status_pair datatype. |
540 | */ | 541 | */ |
541 | npeers+=(ntohs(req.count)/sizeof(ntp_assoc_status_pair)); | 542 | npeers+=(ntohs(req.count)/sizeof(ntp_assoc_status_pair)); |
542 | peers=(ntp_assoc_status_pair*)realloc(peers, sizeof(ntp_assoc_status_pair)*npeers); | 543 | if((tmp=realloc(peers, sizeof(ntp_assoc_status_pair)*npeers)) == NULL) |
543 | memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, sizeof(ntp_assoc_status_pair)*npeers); | 544 | free(peers), die(STATE_UNKNOWN, "can not (re)allocate 'peers' buffer\n"); |
545 | peers=tmp; | ||
546 | memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, ntohs(req.count)); | ||
544 | peer_offset+=ntohs(req.count); | 547 | peer_offset+=ntohs(req.count); |
545 | } while(req.op&REM_MORE); | 548 | } while(req.op&REM_MORE); |
546 | 549 | ||