[Nagiosplug-devel] [ nagiosplug-Bugs-1630970 ] Fix for buffer overflow of check_procs procprog string

[SourceForge.net]

Bugs item #1630970, was opened at 2007-01-08 17:51
Message generated for change (Comment added) made by dermoth
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1630970&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: CVS
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Jason Hoos (jhoos)
Assigned to: Nobody/Anonymous (nobody)
Summary: Fix for buffer overflow of check_procs procprog string

Initial Comment:
Line 196 of the file check_procs.c contains a line that, if executed often enough, will cause the procprog pointer variable to run past the end of its originally-allocated buffer, which in turn causes erratic program behavior.

The line in question reads:

procprog = base_name(procprog);

which, depending on the implementation of base_name, will either assign procprog to point to a deeper location within its original buffer, or may cause it to point to some other static memory entirely.

The attached patch changes this to use:

strcpy(base_name(procprog));

to avoid this problem.  This solved erratic behavior on a Solaris 8 system that was using the system's 'ps' command instead of 'pst3'.

This patch is related to bug 1578214, and possibly to bug 1595449 (particularly the part that recommends changing MAX_INPUT_BUFFER to 4096).


----------------------------------------------------------------------

>Comment By: Thomas Guyot (dermoth)
Date: 2007-01-17 00:30

Message:
Logged In: YES 
user_id=375623
Originator: NO

Thanks. It's now fixed in CVS.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1630970&group_id=29880