diff --git a/debian/patches/10_check_pqsql_db_name_too_strict b/debian/patches/10_check_pqsql_db_name_too_strict
new file mode 100644
index 0000000..32fbd11
--- /dev/null
+++ b/debian/patches/10_check_pqsql_db_name_too_strict
@@ -0,0 +1,31 @@
+From dae075e65a38c65352d04f8c8fdfa21e2056d01c Mon Sep 17 00:00:00 2001
+From: Florian Lohoff
+Date: Mon, 15 Feb 2021 15:34:07 +0100
+Subject: [PATCH] Using snprintf which honors the buffers size and guarantees
+ null termination. (Closes: #1601)
+
+As strcpy may overflow the resulting buffer:
+
+flo@p5:~$ /tmp/f/usr/lib/nagios/plugins/check_pgsql -d "$(seq 1 10000)"
+*** buffer overflow detected ***: terminated
+Aborted
+
+I would propose to change the code rather like this, using snprintf
+which honors the buffers size and guarantees null termination.
+---
+ plugins/check_pgsql.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
+index 11ce6916..b8fc5f1d 100644
+--- a/plugins/check_pgsql.c
++++ b/plugins/check_pgsql.c
+@@ -347,7 +347,7 @@ process_arguments (int argc, char **argv)
+ if (!is_pg_dbname (optarg)) /* checks length and valid chars */
+ usage2 (_("Database name is not valid"), optarg);
+ else /* we know length, and know optarg is terminated, so us strcpy */
+- strcpy (dbName, optarg);
++ snprintf(dbName, NAMEDATALEN, "%s", optarg);
+ break;
+ case 'l': /* login name */
+ if (!is_pg_logname (optarg))
diff --git a/debian/patches/series b/debian/patches/series
index de39cb6..3fcc438 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 02_check_icmp_links
 # commited upstream
+10_check_pqsql_db_name_too_strict
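Review bot: The added `snprintf` call in the `-d` branch of `process_arguments` ignores its return value, so an over-long database name is now silently truncated rather than rejected, and the plugin would then check a database other than the one the operator named. The reproduction in the commit message reaches the copy with a very long argument, which suggests `is_pg_dbname` does not enforce the length its comment claims, so the bound should be checked at the copy: `else if (snprintf (dbName, NAMEDATALEN, "%s", optarg) >= NAMEDATALEN)` followed by `usage2 (_("Database name is not valid"), optarg);`. The comment on the `else` line still says the length is known and names strcpy; reword it to something like `/* bounded copy; truncation is treated as an invalid name */`. The declaration of `dbName` is outside the hunk, so confirm that its size really is `NAMEDATALEN`.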