Fix check_snmp buffer overflow (CVE-2007-5623)

[nagiosplug.git] / plugins / check_snmp.c

diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 3f9a03d2bcaa30762afcab756df0d1130d1fbace..9fa4a60bf4069bf355c86073ea8127d7ac0ce646 100644 (file)
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -226,12 +226,16 @@ main (int argc, char **argv)
 
        ptr = output;
 
-       strcat(perfstr, "| ");
+       strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
        while (ptr) {
                char *foo;
+               unsigned int copylen;
 
                foo = strstr (ptr, delimiter);
-               strncat(perfstr, ptr, foo-ptr);
+               copylen = foo-ptr;
+               if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
+                       copylen = sizeof(perfstr)-strlen(perfstr)-1;
+               strncat(perfstr, ptr, copylen);
                ptr = foo; 
 
                if (ptr == NULL)
@@ -364,11 +368,11 @@ main (int argc, char **argv)
 
                i++;
 
-               strcat(perfstr, "=");
-               strcat(perfstr, show);
+               strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
+               strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
                if (type)
-                       strcat(perfstr, type);
-               strcat(perfstr, " ");
+                       strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+               strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
 
        }       /* end while (ptr) */