[monitoring-plugins] Using snprintf which honors the buffers size and ...

Jan Wagner git at monitoring-plugins.org
Wed Apr 7 18:10:12 CEST 2021


    Module: monitoring-plugins
    Branch: wip-2.3.1
    Commit: 237cddc7729beeaac6a6ecbf347663654dcbfe0a
    Author: Florian Lohoff <f at zz.de>
 Committer: Jan Wagner <waja at cyconet.org>
      Date: Mon Feb 15 15:34:07 2021 +0100
       URL: https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=237cddc

Using snprintf which honors the buffers size and guarantees null termination. (Closes: #1601)

As strcpy may overflow the resulting buffer:

flo at p5:~$ /tmp/f/usr/lib/nagios/plugins/check_pgsql -d "$(seq 1 10000)"
*** buffer overflow detected ***: terminated
Aborted

I would propose to change the code rather like this, using snprintf
which honors the buffers size and guarantees null termination.

---

 plugins/check_pgsql.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 11ce691..b8fc5f1 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -347,7 +347,7 @@ process_arguments (int argc, char **argv)
 			if (!is_pg_dbname (optarg)) /* checks length and valid chars */
 				usage2 (_("Database name is not valid"), optarg);
 			else /* we know length, and know optarg is terminated, so us strcpy */
-				strcpy (dbName, optarg);
+				snprintf(dbName, NAMEDATALEN, "%s", optarg);
 			break;
 		case 'l':     /* login name */
 			if (!is_pg_logname (optarg))



More information about the Commits mailing list