parent: 92120c1
author: Ezra Peisach <epeisach@med-xtal.bu.edu>
Tue, 19 Jun 2007 06:05:47 +0000 (08:05 +0200)
committer: Florian Forster <octo@huhu.verplant.org>
Tue, 19 Jun 2007 06:05:47 +0000 (08:05 +0200)
While reading the source code, I found the following:
In csv.c (line 44) and rrdtool.c (line 363) (value_list_to_string) the
following syntax exists:
memset (buffer, '\0', sizeof (buffer_len));
The sizeof should be removed - assuming that the desire is to zero the buffer
and not the first four (sizeof(int)) bytes.
Based on the code paths - I do not see an information leak - or any security
implications...
ChangeLog
src/csv.c
src/rrdtool.c
diff --git a/ChangeLog b/ChangeLog
index 748daebd00b98ab3da4cb45e6102a3984bee7de1..b6eed3d5bf7ab195ffab66049c4b78bc83adaa81 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
2007-06-18, Version 4.0.3
* cpu plugin: Fix the Darwin / Mac OS X code.
* ping plugin: Use the return value of `getpid', not its address.
+ * csv, rrdtool plugin: Fixed a bug that prevented an buffer to be
+ initialized correctly.
2007-06-12, Version 4.0.2
* hddtemp and ntpd plugin: Corrected the parsing of port numbers when
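Review bot: The added entry under Version 4.0.3 reads "prevented an buffer to be initialized correctly", which is ungrammatical and does not say which buffer is meant. Suggest "Fixed a bug that prevented a buffer from being initialized correctly", and consider naming value_list_to_string, the function the commit message identifies, so readers of the ChangeLog can find the affected code.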
diff --git a/src/csv.c b/src/csv.c
index fcd707ebafd573e9d7f8abad85e2fa51cd782992..192cf52e1f4d01518844b6c5997c4e2263a2c9ee 100644 (file)
--- a/src/csv.c
+++ b/src/csv.c
int status;
int i;
- memset (buffer, '\0', sizeof (buffer_len));
+ memset (buffer, '\0', buffer_len);
status = snprintf (buffer, buffer_len, "%u", (unsigned int) vl->time);
if ((status < 1) || (status >= buffer_len))
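Review bot: The new memset call passes buffer_len as the length, but nothing in the visible lines checks that it is positive first. The commit message implies buffer_len is an int, so a negative value would be converted to a very large size_t and the call would write far past buffer. Consider rejecting buffer_len < 1 with an error before the memset. If no later code depends on the tail of the buffer being zeroed, the memset could also be dropped, since the snprintf that follows terminates the string within buffer_len and its result is checked.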
diff --git a/src/rrdtool.c b/src/rrdtool.c
index ea96290555670542dfdcd116f90006dc85cf1c50..d20a8142e87b9a6ed9988c686ccc979b4343e549 100644 (file)
--- a/src/rrdtool.c
+++ b/src/rrdtool.c
int status;
int i;
- memset (buffer, '\0', sizeof (buffer_len));
+ memset (buffer, '\0', buffer_len);
status = snprintf (buffer, buffer_len, "%u", (unsigned int) vl->time);
if ((status < 1) || (status >= buffer_len))
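Review bot: The changed memset line is identical to the one in src/csv.c, and the commit message places both in value_list_to_string, so the same defect existed in two copies and had to be fixed twice. Consider moving that function into a shared helper used by both plugins, and searching the rest of the tree for sizeof applied to a length variable such as sizeof (buffer_len) in case other copies of the pattern remain.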