From b61f51ad0291cf7051b6ea15ec8f8486f02443f9 Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Thu, 5 Jun 2014 23:01:35 -0500 Subject: plugins/check_real.c - recv string null terminate Recv into buffer is not properly null terminated prior to strstr and possible other string functions expecting a null termination. Simply take bytes received and use as an index to append \0 after. We are creating buffer[] with size of MAX_INPUT_BUFFER and recv with MAX_INPUT_BUFFER-1 so this should never overflow. diff --git a/plugins/check_real.c b/plugins/check_real.c index 47776c5..36f6413 100644 --- a/plugins/check_real.c +++ b/plugins/check_real.c @@ -178,6 +178,7 @@ main (int argc, char **argv) /* watch for the REAL connection string */ result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0); + buffer[result] = "\0"; /* null terminate recieved buffer */ /* return a CRITICAL status if we couldn't read any data */ if (result == -1) { -- cgit v0.10-9-g596f