The code parsing cpuinfo strings could read past end of buffer.
Avoid this problem by using only part of the allocated size
and null terminating.
Add check for read error.
---
agent/mibgroup/hardware/cpu/cpu_linux.c | 33 +++++++++++++++++++++---------
1 files changed, 23 insertions(+), 10 deletions(-)
--- a/agent/mibgroup/hardware/cpu/cpu_linux.c 2009-03-16 16:44:16.324267505
-0700
+++ b/agent/mibgroup/hardware/cpu/cpu_linux.c 2009-03-17 08:39:26.010229361
-0700
@@ -100,7 +100,7 @@ int netsnmp_cpu_arch_load( netsnmp_cache
static int bsize = 0;
static int first = 1;
static int has_cpu_26 = 1;
- int statfd, i;
+ int bytes_read, statfd, i;
char *b1, *b2;
unsigned long long cusell = 0, cicell = 0, csysll = 0, cidell = 0,
ciowll = 0, cirqll = 0, csoftll = 0;
@@ -111,18 +111,24 @@ int netsnmp_cpu_arch_load( netsnmp_cache
return -1;
}
if (bsize == 0) {
- bsize = 256;
- buff = malloc(bsize);
+ bsize = 255;
+ buff = malloc(bsize+1);
}
- while (read(statfd, buff, bsize) == bsize) {
+ while ((bytes_read = read(statfd, buff, bsize)) == bsize) {
bsize += 256;
- buff = realloc(buff, bsize);
+ buff = realloc(buff, bsize+1);
DEBUGMSGTL(("cpu", "/proc/stat buffer increased to %d\n", bsize));
close(statfd);
statfd = open(STAT_FILE, O_RDONLY, 0);
}
close(statfd);
+ if (bytes_read < 0) {
+ snmp_log_perror(STAT_FILE "read error");
+ return -1;
+ }
+ buff[bytes_read] = '\0';
+
/*
* CPU statistics (overall and per-CPU)
*/
@@ -194,23 +200,28 @@ void _cpu_load_swap_etc( char *buff, net
static char *vmbuff = NULL;
static int vmbsize = 0;
static int first = 1;
- int vmstatfd;
+ int bytes_read,vmstatfd;
char *b;
unsigned long long pin, pout, swpin, swpout;
unsigned long long itot, iticks, ctx;
if (has_vmstat && (vmstatfd = open(VMSTAT_FILE, O_RDONLY, 0)) != -1) {
if (vmbsize == 0) {
- vmbsize = 256;
- vmbuff = malloc(vmbsize);
+ vmbsize = 255;
+ vmbuff = malloc(vmbsize+1);
}
- while (read(vmstatfd, vmbuff, vmbsize) == vmbsize) {
+ while ((bytes_read = read(vmstatfd, vmbuff, vmbsize)) == vmbsize) {
vmbsize += 256;
vmbuff = realloc(vmbuff, vmbsize);
close(vmstatfd);
vmstatfd = open(VMSTAT_FILE, O_RDONLY, 0);
}
close(vmstatfd);
+ if (bytes_read < 0) {
+ snmp_log_perror(VMSTAT_FILE "read error");
+ has_vmstat = 0;
+ } else
+ vmbuff[bytes_read] = '\0';
}
else
has_vmstat = 0;
--
------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
