From d2f758c5ee662e1181b01083bbb50da034f14ad4 Mon Sep 17 00:00:00 2001
From: Thomas Guyot-Sionnest <dermoth@users.sourceforge.net>
Date: Fri, 9 Nov 2007 16:05:48 +0000
Subject: Fix check_snmp buffer overflow (CVE-2007-5623)

This patch comes from the Gentoo Portage tree but I couldn't find the author. I sent an email and will give credits when I get an answer.


git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1814 f882894a-f735-0410-b71e-b25c423dba1c

diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 3f9a03d..9fa4a60 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -226,12 +226,16 @@ main (int argc, char **argv)
 
 	ptr = output;
 
-	strcat(perfstr, "| ");
+	strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
 	while (ptr) {
 		char *foo;
+		unsigned int copylen;
 
 		foo = strstr (ptr, delimiter);
-		strncat(perfstr, ptr, foo-ptr);
+		copylen = foo-ptr;
+		if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
+			copylen = sizeof(perfstr)-strlen(perfstr)-1;
+		strncat(perfstr, ptr, copylen);
 		ptr = foo; 
 
 		if (ptr == NULL)
@@ -364,11 +368,11 @@ main (int argc, char **argv)
 
 		i++;
 
-		strcat(perfstr, "=");
-		strcat(perfstr, show);
+		strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
+		strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
 		if (type)
-			strcat(perfstr, type);
-		strcat(perfstr, " ");
+			strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+		strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
 
 	}	/* end while (ptr) */
 
-- 
cgit v0.10-9-g596f