From d2f758c5ee662e1181b01083bbb50da034f14ad4 Mon Sep 17 00:00:00 2001
From: Thomas Guyot-Sionnest
Date: Fri, 9 Nov 2007 16:05:48 +0000
Subject: Fix check_snmp buffer overflow (CVE-2007-5623)

This patch comes from the Gentoo Portage tree but I couldn't find the author. I sent an email and will give credits when I get an answer.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1814 f882894a-f735-0410-b71e-b25c423dba1c
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 3f9a03d..9fa4a60 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -226,12 +226,16 @@ main (int argc, char **argv)
 ptr = output;
- strcat(perfstr, "| ");
+ strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
 while (ptr) {
 char *foo;
+ unsigned int copylen;
 foo = strstr (ptr, delimiter);
- strncat(perfstr, ptr, foo-ptr);
+ copylen = foo-ptr;
+ if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
+ copylen = sizeof(perfstr)-strlen(perfstr)-1;
+ strncat(perfstr, ptr, copylen);
 ptr = foo;
 if (ptr == NULL)
@@ -364,11 +368,11 @@ main (int argc, char **argv)
 i++;
- strcat(perfstr, "=");
- strcat(perfstr, show);
+ strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
+ strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
 if (type)
- strcat(perfstr, type);
- strcat(perfstr, " ");
+ strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+ strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
 } /* end while (ptr) */
--
cgit v0.10-9-g596f
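Review bot: `copylen = foo-ptr;` runs before the `if (ptr == NULL)` test further down, so on the last value, where `strstr` finds no delimiter and `foo` is NULL, the pointer subtraction is undefined and its result is then narrowed to `unsigned int`. The clamp that follows still bounds the write, but on a 64-bit build the narrowed value could be smaller than the remaining text, so the final label may be cut short for no reason. Declaring `size_t copylen;` and computing `copylen = foo ? (size_t)(foo - ptr) : strlen(ptr);` keeps the bound and removes the NULL arithmetic. The loop body continues outside the hunk, and the `sizeof(perfstr)` bound is only correct if `perfstr` is declared there as a char array rather than a pointer.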
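Review bot: Each of the four `strncat` calls in the second hunk stops silently once `perfstr` is full, so a long `show` or `type` can leave a cut-off `label=value` token at the end of the performance data with nothing to signal it to the consumer. `show` is presumably derived from the agent's reply (its origin is outside the hunk), so it is worth checking `strlen(show)` against the remaining space first and skipping or flagging the whole pair when it does not fit. The bound `sizeof(perfstr)-strlen(perfstr)-1` is also spelled out at every call site in both hunks; a single `#define PERFSTR_LEFT (sizeof(perfstr)-strlen(perfstr)-1)` would keep them consistent and make a later buffer change less error-prone. The enclosing while loop starts outside the hunk.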