On Mon, Feb 15, 2021 at 10:27:04AM +0000, Debian Bug Tracking System wrote:
> 982847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982847
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems

Hi,

as strcpy may overflow the resulting buffer:

flo@p5:~$ /tmp/f/usr/lib/nagios/plugins/check_pgsql -d "$(seq 1 10000)"
*** buffer overflow detected ***: terminated
Aborted

I would propose to change the code rather like this, using snprintf, which honors the buffer's size and guarantees null termination.

@@ -344,11 +343,7 @@ process_arguments (int argc, char **argv) pgport = optarg; break; case 'd': /* database name */ - if (!is_pg_dbname (optarg)) /* checks length and valid chars */ - usage2 (_("Database name is not valid"), optarg); - else /* we know length, and know optarg is terminated, so us strcpy */ - strcpy (dbName, optarg); - break; + snprintf(dbName, NAMEDATALEN, "%s", optarg); case 'l': /* login name */ if (!is_pg_logname (optarg)) usage2 (_("User name is not valid"), optarg);

-- 
Florian Lohoff f...@zz.de
"Unthinking respect for authority is the greatest enemy of truth" - Albert Einstein
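
Review bot: the added snprintf line in case 'd' has no break; after it (the old break; is removed together with the strcpy branch), so control falls through into case 'l' and the database name is also run through the is_pg_logname check; keep the break; after the snprintf call. The patch also drops the is_pg_dbname test entirely, which according to the removed comment checked valid characters as well as length, and snprintf will silently truncate an over-long name rather than reject it; consider keeping the usage2 (_("Database name is not valid"), optarg) path and either retaining is_pg_dbname or comparing the snprintf return value against NAMEDATALEN. The declaration of dbName is not visible in this hunk; if it is an array, sizeof (dbName) would tie the bound to the buffer itself.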