[PATCH 1/2] Fix possible overflows and increase command lenght limit in mini_epn's

Thomas Guyot-Sionnest dermoth at aei.ca
Sun Aug 16 00:18:33 CEST 2009


From: Thomas Guyot-Sionnest <thomas at zango.com>

---
 contrib/mini_epn.c     |    8 +++++---
 contrib/new_mini_epn.c |    6 ++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/contrib/mini_epn.c b/contrib/mini_epn.c
index 598e239..1e4f72e 100644
--- a/contrib/mini_epn.c
+++ b/contrib/mini_epn.c
@@ -7,6 +7,8 @@
 #include <perl.h>
 #include "epn_nagios.h"
 
+#define MAX_INPUT_CHARS 1024
+
 static PerlInterpreter *my_perl = NULL;
 
 int main(int argc, char **argv, char **env) {
@@ -19,9 +21,9 @@ int main(int argc, char **argv, char **env) {
 
 	char *embedding[] = { "", "p1.pl" };
 	char *plugin_output ;
-	char fname[64];
+	char fname[MAX_INPUT_CHARS];
 	char *args[] = {"","0", "", "", NULL };
-	char command_line[80];
+	char command_line[MAX_INPUT_CHARS];
 	int exitstatus;
 	int pclose_result;
 
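Review bot: Whether the overflow is actually closed depends on the statement that copies the file name into `fname`, which lies outside this hunk; making `fname` as large as `command_line` is only sufficient if that copy can never move more than `sizeof(fname)` bytes. If the copy is not already bounded by the destination size, bound it there, and record the coupling at the declaration with a comment such as `/* must be at least as large as command_line: fname is filled from it */`. The same applies to `fname` in `run_plugin()` in contrib/new_mini_epn.c, where `command_line` arrives as a `char *` parameter whose length is not visible in that hunk.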
@@ -35,7 +37,7 @@ int main(int argc, char **argv, char **env) {
 
 		exitstatus=perl_run(my_perl);
 
-	        while(printf("Enter file name: ") && fgets(command_line, 80, stdin)) {
+	        while(printf("Enter file name: ") && fgets(command_line, MAX_INPUT_CHARS-1, stdin)) {
 			SV *plugin_hndlr_cr;
 		        STRLEN n_a;
 			int count = 0 ;
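Review bot: An input line longer than the limit is still not detected in the `while` condition: `fgets` returns the first part and the rest of the line is handed back on the next iteration, where it would be treated as a new file name. A check at the top of the loop body (which continues outside this hunk) could reject and drain such a line, e.g. `if (!strchr(command_line, '\n') && !feof(stdin)) { int c; while ((c = getchar()) != '\n' && c != EOF) ; continue; }`. Separately, `fgets` already stores at most size-1 characters plus the terminator, so the `-1` is unnecessary; `fgets(command_line, sizeof(command_line), stdin)` keeps the bound tied to the buffer.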
diff --git a/contrib/new_mini_epn.c b/contrib/new_mini_epn.c
index 4320111..a9fca50 100644
--- a/contrib/new_mini_epn.c
+++ b/contrib/new_mini_epn.c
@@ -12,6 +12,7 @@
 										 */
 
 #define DO_CLEAN "0"
+#define MAX_INPUT_CHARS 1024
 
 static PerlInterpreter *my_perl = NULL;
 
@@ -60,7 +61,7 @@ void run_plugin(char *command_line) {
 	int count = 0 ;
 	int pclose_result;
 	char *plugin_output;
-	char fname[128];
+	char fname[MAX_INPUT_CHARS];
 	char *args[] = {"", "", "", "", NULL };
 
 	dSP;
@@ -231,7 +232,8 @@ int main(int argc, char **argv, char **env) {
 										 * get_command_line calls Perl to get a scalar from stdin
 										 */
 
-		strncpy(command_line, get_command_line(), 128) ;
+		strncpy(command_line, get_command_line(), MAX_INPUT_CHARS-1) ;
+		command_line[MAX_INPUT_CHARS-1] = '\0';
 
 										/* Perl Term::ReadLine::readline() method chomps the "\n"
 										 * from the end of the input.
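Review bot: The new `strncpy` bound and the index in `command_line[MAX_INPUT_CHARS-1] = '\0'` assume `command_line` holds MAX_INPUT_CHARS bytes, but its declaration is outside this hunk and none of the visible hunks changes it. The removed line used 128, so if the buffer is still declared with that size, `strncpy` (which zero-pads up to the full count) and the terminator store would both write past its end. The declaration should be resized in the same patch and the bounds derived from the buffer, e.g. `strncpy(command_line, get_command_line(), sizeof(command_line) - 1);` and `command_line[sizeof(command_line) - 1] = '\0';`, which is valid only if `command_line` is an array rather than a pointer.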
-- 
1.6.4

