upstream/monitoring-plugins
1
0
Fork 0
mirror of https://github.com/monitoring-plugins/monitoring-plugins.git synced 2026-04-21 14:19:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Using snprintf which honors the buffers size and guarantees null termination. (Closes: #1601)

Browse source 
As strcpy may overflow the resulting buffer:

flo@p5:~$ /tmp/f/usr/lib/nagios/plugins/check_pgsql -d "$(seq 1 10000)"
*** buffer overflow detected ***: terminated
Aborted

I would propose to change the code rather like this, using snprintf
which honors the buffers size and guarantees null termination.
This commit is contained in:
Florian Lohoff 2021-02-15 15:34:07 +01:00 committed by Jan Wagner
parent 05d7f70d45
commit dae075e65a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
plugins/check_pgsql.c
View file

@ -347,7 +347,7 @@ process_arguments (int argc, char **argv)
if (!is_pg_dbname (optarg)) /* checks length and valid chars */
usage2 (_("Database name is not valid"), optarg);
else /* we know length, and know optarg is terminated, so us strcpy */
strcpy (dbName, optarg);
snprintf(dbName, NAMEDATALEN, "%s", optarg);
break;
case 'l': /* login name */
if (!is_pg_logname (optarg))