From ea73c57cc68be71f65d6bf491e2299eb88ab6eca Mon Sep 17 00:00:00 2001 From: Sebastian Harl Date: Fri, 27 Feb 2015 16:49:01 +0100 Subject: [PATCH] plugin: Use strcasecmp rather than strncasecmp to find a plugin. This makes collectd resistant against vulnerable copies of libltdl (CVE-2009-3736). See for further details. --- src/plugin.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/plugin.c b/src/plugin.c index ed962a72..489d0f70 100644 --- a/src/plugin.c +++ b/src/plugin.c @@ -837,7 +837,6 @@ int plugin_load (const char *type, uint32_t flags) const char *dir; char filename[BUFSIZE] = ""; char typename[BUFSIZE]; - int typename_len; int ret; struct stat statbuf; struct dirent *de; @@ -854,7 +853,6 @@ int plugin_load (const char *type, uint32_t flags) WARNING ("plugin_load: Filename too long: \"%s.so\"", type); return (-1); } - typename_len = strlen (typename); if ((dh = opendir (dir)) == NULL) { @@ -866,7 +864,7 @@ int plugin_load (const char *type, uint32_t flags) while ((de = readdir (dh)) != NULL) { - if (strncasecmp (de->d_name, typename, typename_len)) + if (strcasecmp (de->d_name, typename)) continue; status = ssnprintf (filename, sizeof (filename), -- 2.30.2