From 16f53e0717b60660145388b0feb351628f606211 Mon Sep 17 00:00:00 2001 From: Thomas Guyot-Sionnest Date: Wed, 19 Nov 2008 05:59:33 +0000 Subject: Fixed buffer overflow in check_ntp/check_ntp_peer (#1999319, Ubuntu #291265) git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2086 f882894a-f735-0410-b71e-b25c423dba1c diff --git a/NEWS b/NEWS index 5149f91..c69fd2f 100644 --- a/NEWS +++ b/NEWS @@ -16,6 +16,7 @@ This file documents the major additions and syntax changes between releases. check_icmp now reports min and max round trip time perfdata (Steve Rader) Fixed bug where additional headers with redirection caused a segfault (Dieter Van de Walle - 2089159) check_disk: make autofs mount paths specified with -p before we determing the mount list (Erik Welch) + Fixed buffer overflow in check_ntp/check_ntp_peer (#1999319, Ubuntu #291265) 1.4.13 25th Sept 2008 Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen) diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 68c82d1..489ad60 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -198,7 +198,7 @@ typedef struct { /* NTP control message header is 12 bytes, plus any data in the data * field, plus null padding to the nearest 32-bit boundary per rfc. */ -#define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((m.count)?4-(ntohs(m.count)%4):0)) +#define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((ntohs(m.count)%4)?4-(ntohs(m.count)%4):0)) /* finally, a little helper or two for debugging: */ #define DBG(x) do{if(verbose>1){ x; }}while(0); diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c index 3add273..e489a58 100644 --- a/plugins/check_ntp_peer.c +++ b/plugins/check_ntp_peer.c @@ -131,7 +131,7 @@ typedef struct { /* NTP control message header is 12 bytes, plus any data in the data * field, plus null padding to the nearest 32-bit boundary per rfc. */ -#define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((m.count)?4-(ntohs(m.count)%4):0)) +#define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((ntohs(m.count)%4)?4-(ntohs(m.count)%4):0)) /* finally, a little helper or two for debugging: */ #define DBG(x) do{if(verbose>1){ x; }}while(0); -- cgit v0.10-9-g596f