[Nagiosplug-devel] [ nagiosplug-Bugs-1630970 ] Fix for buffer overflow of check_procs procprog string
SourceForge.net
noreply at sourceforge.net
Wed Jan 17 06:30:03 CET 2007
Bugs item #1630970, was opened at 2007-01-08 17:51
Message generated for change (Comment added) made by dermoth
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1630970&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: CVS
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Jason Hoos (jhoos)
Assigned to: Nobody/Anonymous (nobody)
Summary: Fix for buffer overflow of check_procs procprog string
Initial Comment:
Line 196 of the file check_procs.c contains a line that, if executed often enough, will cause the procprog pointer variable to run past the end of its originally-allocated buffer, which in turn causes erratic program behavior.
The line in question reads:
procprog = base_name(procprog);
which, depending on the implementation of base_name, will either assign procprog to point to a deeper location within its original buffer, or may cause it to point to some other static memory entirely.
The attached patch changes this to use:
strcpy(procprog, base_name(procprog));
to avoid this problem. This solved erratic behavior on a Solaris 8 system that was using the system's 'ps' command instead of 'pst3'.
This patch is related to bug 1578214, and possibly to bug 1595449 (particularly the part that recommends changing MAX_INPUT_BUFFER to 4096).
----------------------------------------------------------------------
>Comment By: Thomas Guyot (dermoth)
Date: 2007-01-17 00:30
Message:
Logged In: YES
user_id=375623
Originator: NO
Thanks. It's now fixed in CVS.
----------------------------------------------------------------------
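The pointer drift described in the initial comment, as an added example that is not part of the ticket or the plugin's source. base_of() is a hypothetical stand-in for a base_name() that returns a pointer into its argument, the 32-byte buffer and the command paths are constructed, and the fixed variant uses memmove() instead of the ticket's strcpy() because source and destination overlap.

```c
#include <stdio.h>
#include <string.h>

#define CAP 32  /* constructed size; stands in for the plugin's buffer size */

/* Hypothetical stand-in for base_name(): returns a pointer INTO its argument. */
static char *base_of(char *path) {
    char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Buggy pattern: the write pointer is replaced by the basename pointer on each
 * pass, so it creeps forward. Returns the bytes left between it and buffer end. */
size_t room_after_reassign(const char *const *cmds, size_t n) {
    char buf[CAP] = "";
    char *p = buf;
    for (size_t i = 0; i < n; i++) {
        size_t room = CAP - (size_t)(p - buf);
        snprintf(p, room, "%s", cmds[i]);  /* bounded here so the demo stays in bounds */
        p = base_of(p);                    /* pointer drifts deeper into buf */
    }
    return CAP - (size_t)(p - buf);
}

/* Fixed pattern: move the basename to the start; the pointer never changes. */
size_t room_after_copy(const char *const *cmds, size_t n, char *last, size_t last_sz) {
    char buf[CAP] = "";
    for (size_t i = 0; i < n; i++) {
        snprintf(buf, sizeof buf, "%s", cmds[i]);
        char *b = base_of(buf);
        memmove(buf, b, strlen(b) + 1);    /* overlap-safe copy, terminator included */
    }
    snprintf(last, last_sz, "%s", buf);    /* hand back the last basename seen */
    return sizeof buf;
}

/* Constructed sample command paths, as a ps that prints full paths might report. */
static const char *const SAMPLE[] = { "/usr/sbin/sshd", "/usr/bin/perl", "/bin/sh" };

int main(void) {
    char last[CAP];
    printf("reassign: %zu of %d bytes left\n", room_after_reassign(SAMPLE, 3), CAP);
    printf("copy:     %zu of %d bytes left, last=%s\n",
           room_after_copy(SAMPLE, 3, last, sizeof last), CAP, last);
    return 0;
}
```

A parser that keeps writing up to the full buffer size through the drifted pointer is what runs past the end; the demo bounds each write to the space actually left so it stays in bounds.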