mirror of
https://github.com/monitoring-plugins/monitoring-plugins.git
synced 2026-07-06 23:51:46 -04:00
check_icmp: Reject more than 65535 target hosts
The number of -H hosts is counted into an unsigned short, so supplying more than 65535 hosts wraps the counter. The subsequent calloc(3) then allocates an undersized hosts array while the later parsing loop still writes one entry per host, overflowing the heap buffer. As process_arguments() runs before we drop privileges via setuid(getuid()), this happens while still running as root on setuid-root installs. Guard both places where the counter is incremented and bail out with a usage error once 65535 hosts are reached, rather than wrapping silently. Reported-by: Christopher Kreft <Email@ChristopherKreft.de>
This commit is contained in:
parent
1c84da06be
commit
c35c12e58d
1 changed files with 6 additions and 0 deletions
|
|
@ -361,6 +361,9 @@ check_icmp_config_wrapper process_arguments(int argc, char **argv) {
|
|||
enforced_ai_family = AF_INET6;
|
||||
break;
|
||||
case 'H': {
|
||||
if (result.config.number_of_hosts == USHRT_MAX) {
|
||||
usage_va("Number of specified hosts exceeds %u", USHRT_MAX);
|
||||
}
|
||||
result.config.number_of_hosts++;
|
||||
break;
|
||||
}
|
||||
|
|
@ -378,6 +381,9 @@ check_icmp_config_wrapper process_arguments(int argc, char **argv) {
|
|||
|
||||
char **tmp = &argv[optind];
|
||||
while (*tmp) {
|
||||
if (result.config.number_of_hosts == USHRT_MAX) {
|
||||
usage_va("Number of specified hosts exceeds %u", USHRT_MAX);
|
||||
}
|
||||
result.config.number_of_hosts++;
|
||||
tmp++;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue