[Pkg-nagios-devel] Bug#685455: nsca: Potential buffer overflow in send_nsca
Xiwen Cheng
xiwen.cheng at mendix.com
Mon Aug 20 21:56:12 UTC 2012
Package: nsca
Version: 2.9.1-2
Severity: important
Dear Maintainer,

While looking through the source of send_nsca.c I noticed there is a
major bug in the loop that reads in data from stdin. An attacker could
cause a buffer overflow in send_nsca by sending a payload larger than
5120 bytes with no occurrences of 0x17.

The patch included simply records the event and prevents the buffer
overflow from occurring by truncating the payload.

Best regards,
Xiwen

Patch:
>From 06cd6b58b2d1488fbf64cd5f15f20df57e39a852 Mon Sep 17 00:00:00 2001
From: Xiwen Cheng <xiwen.cheng at mendix.com>
Date: Mon, 20 Aug 2012 23:05:06 +0200
Subject: [PATCH] Fix potential buffer overflow
---
src/send_nsca.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/send_nsca.c b/src/send_nsca.c
index d44e7c1..07c5196 100644
--- a/src/send_nsca.c
+++ b/src/send_nsca.c
@@ -204,7 +204,11 @@ int main(int argc, char **argv){
input_buffer[pos] = c;
c = getc(stdin);
pos++;
+ if(pos>=MAX_INPUT_BUFFER-1){
+ printf("Warning: packet[%d] truncated to %d bytes.\n",total_packets, MAX_INPUT_BUFFER);
+ break;
}
+ }
input_buffer[pos] = 0;
strip(input_buffer);
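Review bot: In the added `if(pos>=MAX_INPUT_BUFFER-1)` branch, the `break` stops storing but does not consume the rest of the oversized input: the byte just fetched into `c` is not stored and whatever follows stays on stdin, so unless code outside this hunk discards it, the tail can be picked up as the start of another packet. Consider reading and discarding up to the delimiter or EOF before leaving the loop. The warning also reports MAX_INPUT_BUFFER bytes although the loop stops at pos == MAX_INPUT_BUFFER-1, and it goes through printf to stdout; printing the actual count to stderr would be more accurate and easier to separate from normal output.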
--
1.7.10.4
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages nsca depends on:
ii confget 1.03-1
ii debconf [debconf-2.0] 1.5.44
ii libc6 2.13-33
ii libmcrypt4 2.5.8-3.1
ii nsca-client 2.9.1-2
nsca recommends no packages.
Versions of packages nsca suggests:
ii nagios-plugins-basic 1.4.16-1
pn nagios3 <none>
-- debconf information excluded
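
The bounded read the report asks for, as an added example that is not part of the original report or of the nsca source. The 0x17 delimiter and the 5120-byte size come from the report; read_record, run_demo, RECORD_SEP and BUF_CAP are hypothetical names, and the input is constructed. Beyond truncating, it also drains the rest of an oversized record so the following record is read cleanly.

```c
#include <stdio.h>
#include <string.h>

#define RECORD_SEP 0x17  /* delimiter byte named in the report */
#define BUF_CAP    5120  /* buffer size named in the report */

/* Read one record into buf (capacity cap >= 1), always NUL-terminated.
 * Returns bytes stored, or -1 at EOF with nothing left to read. Bytes that
 * do not fit are counted in *dropped and consumed, not stored. */
long read_record(FILE *in, char *buf, size_t cap, size_t *dropped)
{
    size_t pos = 0;
    int c, seen = 0;

    *dropped = 0;
    while ((c = getc(in)) != EOF && c != RECORD_SEP) {
        seen = 1;
        if (pos + 1 < cap)
            buf[pos++] = (char)c;  /* keep one slot for the NUL */
        else
            (*dropped)++;          /* drain without storing */
    }
    buf[pos] = '\0';
    return (c == EOF && !seen) ? -1 : (long)pos;
}

struct demo_result { long len1, len2, end; size_t dropped1; int second_ok; };
/* Constructed input: one oversized record, then a short one ("ok"). */
struct demo_result run_demo(void)
{
    struct demo_result r = {0};
    char buf[BUF_CAP];
    size_t dropped;
    FILE *f = tmpfile();
    if (!f) return r;
    for (int i = 0; i < BUF_CAP + 100; i++) putc('A', f);
    putc(RECORD_SEP, f); fputs("ok", f); putc(RECORD_SEP, f);
    rewind(f);
    r.len1 = read_record(f, buf, sizeof buf, &r.dropped1);
    r.len2 = read_record(f, buf, sizeof buf, &dropped);
    r.second_ok = strcmp(buf, "ok") == 0;
    r.end = read_record(f, buf, sizeof buf, &dropped);
    fclose(f);
    return r;
}

int main(void) {
    struct demo_result r = run_demo();
    return printf("kept=%ld dropped=%zu next=%ld end=%ld\n", r.len1, r.dropped1, r.len2, r.end) < 0;
}
```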