diff options
| author | Holger Weiss <holger@zedat.fu-berlin.de> | 2026-06-30 15:32:40 +0200 |
|---|---|---|
| committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2026-06-30 15:32:40 +0200 |
| commit | c35c12e58d326ffbd6cfb3c9097653f9f3fb2f4a (patch) | |
| tree | da6830ef72c44ef181fa8fbc18ecde140e630e3d /gl/getopt.c | |
| parent | 1c84da06be317a00c667cb7d7f0c24b7e8feb89d (diff) | |
| download | monitoring-plugins-c35c12e58d326ffbd6cfb3c9097653f9f3fb2f4a.tar.gz | |
check_icmp: Reject more than 65535 target hosts
The number of -H hosts is counted into an unsigned short, so supplying
more than 65535 hosts wraps the counter. The subsequent calloc(3) then
allocates an undersized hosts array while the later parsing loop still
writes one entry per host, overflowing the heap buffer. As
process_arguments() runs before we drop privileges via setuid(getuid()),
this happens while still running as root on setuid-root installs.
Guard both places where the counter is incremented and bail out with a
usage error once 65535 hosts are reached, rather than wrapping silently.
Reported-by: Christopher Kreft <Email@ChristopherKreft.de>
Diffstat (limited to 'gl/getopt.c')
0 files changed, 0 insertions, 0 deletions
