diff options
| author | Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> | 2025-08-01 14:27:48 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-08-01 14:27:48 +0200 |
| commit | b05087d9aac2369b2ce19e45441da5b761b36a42 (patch) | |
| tree | b62f1b5864871923cb7e4a8607706b4a20f3a6c6 | |
| parent | 7349d6203b8c837bac1658c9af7221f71ea91929 (diff) | |
| parent | 1f2acfd1c6577db6e3d385614922e32ac9fad03f (diff) | |
| download | monitoring-plugins-b05087d9.tar.gz | |
Merge pull request #2133 from rlaager/fix-check_ssh-buffer-overflow
Fix check ssh buffer overflow
| -rw-r--r-- | plugins/check_ssh.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c index 9d0d7cde..2c76fa84 100644 --- a/plugins/check_ssh.c +++ b/plugins/check_ssh.c | |||
| @@ -255,7 +255,7 @@ int ssh_connect(mp_check *overall, char *haddr, int hport, char *desired_remote_ | |||
| 255 | byte_offset = 0; | 255 | byte_offset = 0; |
| 256 | 256 | ||
| 257 | char *index = NULL; | 257 | char *index = NULL; |
| 258 | unsigned long len = 0; | 258 | size_t len = 0; |
| 259 | while ((index = strchr(output + byte_offset, '\n')) != NULL) { | 259 | while ((index = strchr(output + byte_offset, '\n')) != NULL) { |
| 260 | /*Partition the buffer so that this line is a separate string, | 260 | /*Partition the buffer so that this line is a separate string, |
| 261 | * by replacing the newline with NUL*/ | 261 | * by replacing the newline with NUL*/ |
| @@ -273,12 +273,14 @@ int ssh_connect(mp_check *overall, char *haddr, int hport, char *desired_remote_ | |||
| 273 | } | 273 | } |
| 274 | 274 | ||
| 275 | if (version_control_string == NULL) { | 275 | if (version_control_string == NULL) { |
| 276 | /* move unconsumed data to beginning of buffer, null rest */ | 276 | /* move unconsumed data to beginning of buffer */ |
| 277 | memmove((void *)output, (void *)(output + byte_offset + 1), BUFF_SZ - len + 1); | 277 | memmove((void *)output, (void *)(output + byte_offset), BUFF_SZ - byte_offset); |
| 278 | memset(output + byte_offset + 1, 0, BUFF_SZ - byte_offset + 1); | ||
| 279 | 278 | ||
| 280 | /*start reading from end of current line chunk on next recv*/ | 279 | /*start reading from end of current line chunk on next recv*/ |
| 281 | byte_offset = strlen(output); | 280 | byte_offset = strlen(output); |
| 281 | |||
| 282 | /* NUL the rest of the buffer */ | ||
| 283 | memset(output + byte_offset, 0, BUFF_SZ - byte_offset); | ||
| 282 | } | 284 | } |
| 283 | } else { | 285 | } else { |
| 284 | byte_offset += recv_ret; | 286 | byte_offset += recv_ret; |