[Pkg-nagios-changes] [pkg-nsca] 05/11: Add patch by Xiwen Cheng to fix potential buffer overflow. (closes: #685455)

Bas Couwenberg sebastic at debian.org
Fri Dec 9 17:24:31 UTC 2016


This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch master
in repository pkg-nsca.

commit e7bfb17555c3ecd3de534c436ec8f2d2db5409e6
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Fri Dec 9 16:33:57 2016 +0100

    Add patch by Xiwen Cheng to fix potential buffer overflow. (closes: #685455)
---
 debian/changelog                                      |  2 ++
 debian/patches/11_fix-potential-buffer-overflow.patch | 17 +++++++++++++++++
 debian/patches/series                                 |  1 +
 3 files changed, 20 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index e2d8fb9..b38b446 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -43,6 +43,8 @@ nsca (2.9.1-4) UNRELEASED; urgency=medium
   * Add Brazilian Portuguese debconf templates translation
     by Adriano Rafael Gomes.
     (closes: #824332)
+  * Add patch by Xiwen Cheng to fix potential buffer overflow.
+    (closes: #685455)
 
  -- Bas Couwenberg <sebastic at debian.org>  Sun, 04 Dec 2016 00:04:22 +0100
 
diff --git a/debian/patches/11_fix-potential-buffer-overflow.patch b/debian/patches/11_fix-potential-buffer-overflow.patch
new file mode 100644
index 0000000..087eaca
--- /dev/null
+++ b/debian/patches/11_fix-potential-buffer-overflow.patch
@@ -0,0 +1,17 @@
+Description: Fix potential buffer overflow.
+Author: Xiwen Cheng <xiwen.cheng at mendix.com>
+Bug-Debian: https://bugs.debian.org/685455
+
+--- a/src/send_nsca.c
++++ b/src/send_nsca.c
+@@ -215,6 +215,10 @@ int main(int argc, char **argv){
+ 			input_buffer[pos] = c;
+ 			c = getc(stdin);
+ 			pos++;
++			if(pos>=MAX_INPUT_BUFFER-1){
++				printf("Warning: packet[%d] truncated to %d bytes.\n",total_packets, MAX_INPUT_BUFFER);
++				break;
++			}
+ 			}
+ 		input_buffer[pos] = 0;
+ 		strip(input_buffer);
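
Review bot: The warning in the added `if(pos>=MAX_INPUT_BUFFER-1)` block reports the wrong length and is written to stdout. The loop stops as soon as pos reaches MAX_INPUT_BUFFER-1, so the buffer holds MAX_INPUT_BUFFER-1 data bytes plus the terminator written by `input_buffer[pos] = 0;`, not MAX_INPUT_BUFFER bytes. Suggest printing MAX_INPUT_BUFFER-1 and using fprintf(stderr, ...) so the warning does not mix with normal output. Separately, at the `break` the byte already fetched by `c = getc(stdin);` is never stored, and the rest of the oversized record is still unread on stdin. Nothing in the hunk drains it, so please confirm the tail is not picked up as a separate packet on the next pass, or consume input up to the record delimiter before breaking. The patch header would also benefit from DEP-3 `Forwarded:` and `Last-Update:` fields so it is clear whether upstream has seen the fix.
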
diff --git a/debian/patches/series b/debian/patches/series
index 1984b7b..56845e2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
 08_race-condition-when-opening-command-file.patch
 09_reserved-identifier-violation.patch
 10_nsca-close-POLLNVAL-accept-bug-causes-hang.patch
+11_fix-potential-buffer-overflow.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nsca.git


