diff options
author | Holger Weiss <hweiss@users.sourceforge.net> | 2007-03-31 18:48:17 +0000 |
---|---|---|
committer | Holger Weiss <hweiss@users.sourceforge.net> | 2007-03-31 18:48:17 +0000 |
commit | cedc77a0ae4111d96f9d7c8893c11df2a7c9ddee (patch) | |
tree | a78d74ba135cfbc80483099e3c9a6079177cf0f7 /plugins | |
parent | eac5cdc26fd8c5e38690dc242b462e3ff3d68415 (diff) | |
download | monitoring-plugins-cedc77a0ae4111d96f9d7c8893c11df2a7c9ddee.tar.gz |
Fix an out-of-bounds memcpy(3) and add a realloc(3) error check in
jitter_request().
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1666 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_ntp.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index ab23249e..9fbdedd6 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -506,6 +506,7 @@ double jitter_request(const char *host, int *status){ ntp_control_message req; double rval = 0.0, jitter = -1.0; char *startofvalue=NULL, *nptr=NULL; + void *tmp; /* Long-winded explanation: * Getting the jitter requires a number of steps: @@ -539,8 +540,10 @@ double jitter_request(const char *host, int *status){ * we represent as a ntp_assoc_status_pair datatype. */ npeers+=(ntohs(req.count)/sizeof(ntp_assoc_status_pair)); - peers=(ntp_assoc_status_pair*)realloc(peers, sizeof(ntp_assoc_status_pair)*npeers); - memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, sizeof(ntp_assoc_status_pair)*npeers); + if((tmp=realloc(peers, sizeof(ntp_assoc_status_pair)*npeers)) == NULL) + free(peers), die(STATE_UNKNOWN, "can not (re)allocate 'peers' buffer\n"); + peers=tmp; + memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, ntohs(req.count)); peer_offset+=ntohs(req.count); } while(req.op&REM_MORE); |