diff options
author | Spenser Reinhardt <sreinhardt@nagios.com> | 2014-06-22 16:02:19 -0500 |
---|---|---|
committer | Jan Wagner <waja@cyconet.org> | 2014-06-28 18:22:04 +0200 |
commit | e7e6edb2f8e43085d02cdda93fe16256ab3a35fe (patch) | |
tree | a85f5f4cd6fc14edc7fa368798c47afe26439a0f | |
parent | 5866cb0a09876d6b2a84006bda8aa9de7ea467fd (diff) | |
download | monitoring-plugins-e7e6edb2f8e43085d02cdda93fe16256ab3a35fe.tar.gz |
plugins-root/check_dhcp.c - array out of bounds
Coverity 66488 - offer_packet->options has a max size of 312. It was being used in a loop verifying less than 311, but increasing by 2 per loop, causing a possible array index out of bounds. Changed to checking less than max length - 1. - SR
-rw-r--r-- | plugins-root/check_dhcp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c index 1ec5c396..b69a10da 100644 --- a/plugins-root/check_dhcp.c +++ b/plugins-root/check_dhcp.c @@ -837,7 +837,7 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){ return ERROR; /* process all DHCP options present in the packet */ - for(x=4;x<MAX_DHCP_OPTIONS_LENGTH;){ + for(x=4;x<MAX_DHCP_OPTIONS_LENGTH-1;){ if((int)offer_packet->options[x]==-1) break; |