From cedc77a0ae4111d96f9d7c8893c11df2a7c9ddee Mon Sep 17 00:00:00 2001
From: Holger Weiss
Date: Sat, 31 Mar 2007 18:48:17 +0000
Subject: [PATCH] Fix an out-of-bounds memcpy(3) and add a realloc(3) error check in jitter_request().
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1666 f882894a-f735-0410-b71e-b25c423dba1c
---
 plugins/check_ntp.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index ab23249..9fbdedd 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -506,6 +506,7 @@ double jitter_request(const char *host, int *status){
 ntp_control_message req;
 double rval = 0.0, jitter = -1.0;
 char *startofvalue=NULL, *nptr=NULL;
+ void *tmp;
 /* Long-winded explanation:
 * Getting the jitter requires a number of steps:
@@ -539,8 +540,10 @@ double jitter_request(const char *host, int *status){
 * we represent as a ntp_assoc_status_pair datatype.
 */
 npeers+=(ntohs(req.count)/sizeof(ntp_assoc_status_pair));
- peers=(ntp_assoc_status_pair*)realloc(peers, sizeof(ntp_assoc_status_pair)*npeers);
- memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, sizeof(ntp_assoc_status_pair)*npeers);
+ if((tmp=realloc(peers, sizeof(ntp_assoc_status_pair)*npeers)) == NULL)
+ free(peers), die(STATE_UNKNOWN, "can not (re)allocate 'peers' buffer\n");
+ peers=tmp;
+ memcpy((void*)((ptrdiff_t)peers+peer_offset), (void*)req.data, ntohs(req.count));
 peer_offset+=ntohs(req.count);
 } while(req.op&REM_MORE);
-- 
2.30.2
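Review bot: The new `memcpy` length `ntohs(req.count)` comes straight from the server's reply and is never checked against either buffer: `npeers` grows by `count/sizeof(ntp_assoc_status_pair)` rounded down, so a count that is not a multiple of the pair size makes the copy at `peers+peer_offset` run past the `realloc`ed block, and a count larger than `req.data` reads past the request struct (its size is not visible in this hunk). Validate the count once before the `npeers+=` line, e.g. `if(ntohs(req.count) > sizeof(req.data) || ntohs(req.count) % sizeof(ntp_assoc_status_pair)) die(STATE_UNKNOWN, ...);` with a message in the style of the realloc failure path, assuming `req.data` is a fixed-size array. A count of zero on the first reply also allows `realloc(peers, 0)` to return NULL, which this code would report as an allocation failure. The enclosing `do … while` loop and the rest of `jitter_request` lie outside the hunk.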