Fix an out-of-bounds memcpy(3) and add a realloc(3) error check in

jitter_request().

git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1666 f882894a-f735-0410-b71e-b25c423dba1c

diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index ab23249e1565c70cfce956ecc03acdfcc723549e..9fbdedd6e5f92160e99b5c67960a282a98a10df6 100644 (file)
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -506,6 +506,7 @@ double jitter_request(const char *host, int *status){
        ntp_control_message req;
        double rval = 0.0, jitter = -1.0;
        char *startofvalue=NULL, *nptr=NULL;
+       void *tmp;
 
        /* Long-winded explanation:
         * Getting the jitter requires a number of steps:
@@ -539,8 +540,10 @@ double jitter_request(const char *host, int *status){
                 * we represent as a ntp_assoc_status_pair datatype.
                 */
                npeers+=(ntohs(req.count)/sizeof(ntp_assoc_status_pair));
-               peers=(ntp_assoc_status_pair*)realloc(peers, sizeof(ntp_assoc_status_pair)*npeers);
-               memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, sizeof(ntp_assoc_status_pair)*npeers);
+               if((tmp=realloc(peers, sizeof(ntp_assoc_status_pair)*npeers)) == NULL)
+                       free(peers), die(STATE_UNKNOWN, "can not (re)allocate 'peers' buffer\n");
+               peers=tmp;
+               memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, ntohs(req.count));
                peer_offset+=ntohs(req.count);
        } while(req.op&REM_MORE);