[Nagiosplug-checkins] SF.net SVN: nagiosplug: [1814]	nagiosplug/trunk/plugins/check_snmp.c
    dermoth at users.sourceforge.net 
    dermoth at users.sourceforge.net
       
    Fri Nov  9 17:05:48 CET 2007
    
    
  
Revision: 1814
          http://nagiosplug.svn.sourceforge.net/nagiosplug/?rev=1814&view=rev
Author:   dermoth
Date:     2007-11-09 08:05:48 -0800 (Fri, 09 Nov 2007)
Log Message:
-----------
Fix check_snmp buffer overflow (CVE-2007-5623)
This patch comes from the Gentoo Portage tree but I couldn't find the author. I sent an email and will give credits when I get an answer.
Modified Paths:
--------------
    nagiosplug/trunk/plugins/check_snmp.c
Modified: nagiosplug/trunk/plugins/check_snmp.c
===================================================================
--- nagiosplug/trunk/plugins/check_snmp.c	2007-11-09 13:08:43 UTC (rev 1813)
+++ nagiosplug/trunk/plugins/check_snmp.c	2007-11-09 16:05:48 UTC (rev 1814)
@@ -226,12 +226,16 @@
 
 	ptr = output;
 
-	strcat(perfstr, "| ");
+	strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
 	while (ptr) {
 		char *foo;
+		unsigned int copylen;
 
 		foo = strstr (ptr, delimiter);
-		strncat(perfstr, ptr, foo-ptr);
+		copylen = foo-ptr;
+		if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
+			copylen = sizeof(perfstr)-strlen(perfstr)-1;
+		strncat(perfstr, ptr, copylen);
 		ptr = foo; 
 
 		if (ptr == NULL)
@@ -364,11 +368,11 @@
 
 		i++;
 
-		strcat(perfstr, "=");
-		strcat(perfstr, show);
+		strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
+		strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
 		if (type)
-			strcat(perfstr, type);
-		strcat(perfstr, " ");
+			strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+		strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
 
 	}	/* end while (ptr) */
 
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
    
    
More information about the Commits
mailing list