Adding d/p/10_check_pqsql_db_name_too_strict (Closes: #982847)

This commit is contained in:
Jan Wagner 2021-04-07 17:24:41 +02:00
parent 7576422c45
commit c055b9a04a
2 changed files with 32 additions and 0 deletions

View file

@ -0,0 +1,31 @@
From dae075e65a38c65352d04f8c8fdfa21e2056d01c Mon Sep 17 00:00:00 2001
From: Florian Lohoff <f@zz.de>
Date: Mon, 15 Feb 2021 15:34:07 +0100
Subject: [PATCH] Using snprintf which honors the buffers size and guarantees
null termination. (Closes: #1601)
As strcpy may overflow the resulting buffer:
flo@p5:~$ /tmp/f/usr/lib/nagios/plugins/check_pgsql -d "$(seq 1 10000)"
*** buffer overflow detected ***: terminated
Aborted
I would propose to change the code rather like this, using snprintf
which honors the buffers size and guarantees null termination.
---
plugins/check_pgsql.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 11ce6916..b8fc5f1d 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -347,7 +347,7 @@ process_arguments (int argc, char **argv)
if (!is_pg_dbname (optarg)) /* checks length and valid chars */
usage2 (_("Database name is not valid"), optarg);
else /* we know length, and know optarg is terminated, so us strcpy */
- strcpy (dbName, optarg);
+ snprintf(dbName, NAMEDATALEN, "%s", optarg);
break;
case 'l': /* login name */
if (!is_pg_logname (optarg))

View file

@ -1,2 +1,3 @@
02_check_icmp_links 02_check_icmp_links
# commited upstream # commited upstream
10_check_pqsql_db_name_too_strict