diff options
author | Thomas Guyot-Sionnest <dermoth@users.sourceforge.net> | 2007-11-09 16:05:48 +0000 |
---|---|---|
committer | Thomas Guyot-Sionnest <dermoth@users.sourceforge.net> | 2007-11-09 16:05:48 +0000 |
commit | d2f758c5ee662e1181b01083bbb50da034f14ad4 (patch) | |
tree | 4da5799eee4e407f1b48e4da553949250f54da73 | |
parent | 25624346481067be006ccd4a3b07afcf0cbb96ae (diff) | |
download | monitoring-plugins-d2f758c5ee662e1181b01083bbb50da034f14ad4.tar.gz |
Fix check_snmp buffer overflow (CVE-2007-5623)
This patch comes from the Gentoo Portage tree but I couldn't find the author. I sent an email and will give credits when I get an answer.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1814 f882894a-f735-0410-b71e-b25c423dba1c
-rw-r--r-- | plugins/check_snmp.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 3f9a03d2..9fa4a60b 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -226,12 +226,16 @@ main (int argc, char **argv) ptr = output; - strcat(perfstr, "| "); + strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1); while (ptr) { char *foo; + unsigned int copylen; foo = strstr (ptr, delimiter); - strncat(perfstr, ptr, foo-ptr); + copylen = foo-ptr; + if (copylen > sizeof(perfstr)-strlen(perfstr)-1) + copylen = sizeof(perfstr)-strlen(perfstr)-1; + strncat(perfstr, ptr, copylen); ptr = foo; if (ptr == NULL) @@ -364,11 +368,11 @@ main (int argc, char **argv) i++; - strcat(perfstr, "="); - strcat(perfstr, show); + strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1); + strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1); if (type) - strcat(perfstr, type); - strcat(perfstr, " "); + strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1); + strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1); } /* end while (ptr) */ |