From bfe68d84f78c12f55e996e43201d280802de7984 Mon Sep 17 00:00:00 2001
From: Jan Wagner <waja@cyconet.org>
Date: Mon, 8 Jul 2013 11:46:52 +0200
Subject: check_nt: Fixes NULL pointer dereference

Thanks to Vaclav Ovsik for reporting the issue and providing a fix

diff --git a/THANKS.in b/THANKS.in
index fdebd65..ae4ea94 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -280,3 +280,4 @@ Alex Bradley
 Brian De Wolf
 Richard Leitner
 Diego Elio Pettenò
+Vaclav Ovsik
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index 89c4d8d..52bbd1c 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -94,6 +94,7 @@ int main(int argc, char **argv){
 	char *description=NULL,*counter_unit = NULL;
 	char *minval = NULL, *maxval = NULL, *errcvt = NULL;
 	char *fds=NULL, *tds=NULL;
+	char *numstr;
 
 	double total_disk_space=0;
 	double free_disk_space=0;
@@ -265,7 +266,10 @@ int main(int argc, char **argv){
 			xasprintf(&send_buffer,"%s&%u&%s&%s", req_password,(vars_to_check==CHECK_SERVICESTATE)?5:6,
 							 (show_all==TRUE) ? "ShowAll" : "ShowFail",value_list);
 			fetch_data (server_address, server_port, send_buffer);
-			return_code=atoi(strtok(recv_buffer,"&"));
+			numstr = strtok(recv_buffer,"&");
+			if (numstr == NULL)
+				die(STATE_UNKNOWN, _("could not fetch information from server\n"));
+			return_code=atoi(numstr);
 			temp_string=strtok(NULL,"&");
 			output_message = strdup (temp_string);
 		}
@@ -275,8 +279,14 @@ int main(int argc, char **argv){
 
 		xasprintf(&send_buffer,"%s&7", req_password);
 		fetch_data (server_address, server_port, send_buffer);
-		mem_commitLimit=atof(strtok(recv_buffer,"&"));
-		mem_commitByte=atof(strtok(NULL,"&"));
+		numstr = strtok(recv_buffer,"&");
+		if (numstr == NULL)
+			die(STATE_UNKNOWN, _("could not fetch information from server\n"));
+		mem_commitLimit=atof(numstr);
+		numstr = strtok(NULL,"&");
+		if (numstr == NULL)
+			die(STATE_UNKNOWN, _("could not fetch information from server\n"));
+		mem_commitByte=atof(numstr);
 		percent_used_space = (mem_commitByte / mem_commitLimit) * 100;
 		warning_used_space = ((float)warning_value / 100) * mem_commitLimit;
 		critical_used_space = ((float)critical_value / 100) * mem_commitLimit;
-- 
cgit v0.10-9-g596f