[icinga-checkins] icinga.org: icinga-core/master: fix possible overflows and increase command lenght limit in mini_epn's ( Thomas Guyot-Sionnest)

Tue Jul 27 16:31:29 CEST 2010

Module: icinga-core
Branch: master
Commit: d37150784054fa8bd586eda757bef07c9305c5da
URL:    https://git.icinga.org/?p=icinga-core.git;a=commit;h=d37150784054fa8bd586eda757bef07c9305c5da

Author: Michael Friedrich <michael.friedrich at univie.ac.at>
Date:   Mon Jul 26 12:27:20 2010 +0200

fix possible overflows and increase command lenght limit in mini_epn's (Thomas Guyot-Sionnest)

fixes #314

---

 Changelog              |    1 +
 contrib/.gitignore     |    7 +++++++
 contrib/mini_epn.c     |   12 +++++++-----
 contrib/new_mini_epn.c |   20 +++++++++++---------
 4 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/Changelog b/Changelog
index 59f6066..97e5a14 100644
--- a/Changelog
+++ b/Changelog
@@ -10,6 +10,7 @@ FIXES
 * core: fix temp_path overwritten by check_result_path in base/config.c
 * core: modify execv to execvp, accepting 4096 cmd args, for both host and service checks with adapted error handling
 * core: execvp searches in PATH too like popen, and returns if error, outputting the errno string
+* core: fix possible overflows and increase command lenght limit in mini_epn's (Thomas Guyot-Sionnest)
 
 * classic ui: fix image urls ins stylesheets
 
diff --git a/contrib/.gitignore b/contrib/.gitignore
index 4f1e93a..1d7321e 100644
--- a/contrib/.gitignore
+++ b/contrib/.gitignore
@@ -1,2 +1,9 @@
 perlxsi.c
 Makefile
+convertcfg
+mini_epn
+mini_epn.o
+new_mini_epn
+new_mini_epn.o
+contrib/perlxsi.o
+
diff --git a/contrib/mini_epn.c b/contrib/mini_epn.c
index 688b394..87098f3 100644
--- a/contrib/mini_epn.c
+++ b/contrib/mini_epn.c
@@ -7,6 +7,8 @@
 #include <perl.h>
 #include "epn_icinga.h"
 
+#define MAX_INPUT_CHARS 1024
+
 static PerlInterpreter *my_perl = NULL;
 
 int main(int argc, char **argv, char **env) {
@@ -19,14 +21,14 @@ int main(int argc, char **argv, char **env) {
 
 	char *embedding[] = { "", "p1.pl" };
 	char *plugin_output ;
-	char fname[64];
+	char fname[MAX_INPUT_CHARS];
 	char *args[] = {"","0", "", "", NULL };
-	char command_line[80];
+	char command_line[MAX_INPUT_CHARS];
 	int exitstatus;
 	int pclose_result;
 
 	if((my_perl=perl_alloc())==NULL){
-		printf("%s\n","Error: Could not allocate memory for embedded Perl interpreter!"); 
+		printf("%s\n","Error: Could not allocate memory for embedded Perl interpreter!");
 		exit(1);
 	}
 	perl_construct(my_perl);
@@ -35,7 +37,7 @@ int main(int argc, char **argv, char **env) {
 
 		exitstatus=perl_run(my_perl);
 
-	        while(printf("Enter file name: ") && fgets(command_line, 80, stdin)) {
+	        while(printf("Enter file name: ") && fgets(command_line, MAX_INPUT_CHARS-1, stdin)) {
 			SV *plugin_hndlr_cr;
 		        STRLEN n_a;
 			int count = 0 ;
@@ -53,7 +55,7 @@ int main(int argc, char **argv, char **env) {
 
 			/* call our perl interpreter to compile and optionally cache the command */
 
-			ENTER; 
+			ENTER;
 			SAVETMPS;
 			PUSHMARK(SP);
 
diff --git a/contrib/new_mini_epn.c b/contrib/new_mini_epn.c
index 671f605..b29f407 100644
--- a/contrib/new_mini_epn.c
+++ b/contrib/new_mini_epn.c
@@ -12,6 +12,7 @@
 										 */
 
 #define DO_CLEAN "0"
+#define MAX_INPUT_CHARS 1024
 
 static PerlInterpreter *my_perl = NULL;
 
@@ -60,7 +61,7 @@ void run_plugin(char *command_line) {
 	int count = 0 ;
 	int pclose_result;
 	char *plugin_output;
-	char fname[128];
+	char fname[MAX_INPUT_CHARS];
 	char *args[] = {"", "", "", "", NULL };
 
 	dSP;
@@ -108,7 +109,7 @@ void run_plugin(char *command_line) {
 		return;
 	} else {
 		plugin_hndlr_cr = newSVsv(POPs);
-                
+
 		PUTBACK ;
 		FREETMPS ;
 		LEAVE ;
@@ -117,7 +118,7 @@ void run_plugin(char *command_line) {
 										 * Push the arguments to Embed::Persistent::run_package onto
 										 * the Perl stack.
 										 */
-	ENTER; 
+	ENTER;
 	SAVETMPS;
 	PUSHMARK(SP);
 
@@ -158,7 +159,7 @@ SV * my_eval_pv(char *pv) {
 
 char * get_command_line(void) {
 
-										/* debug 
+										/* debug
 										 * printf("%s\n", INIT_TERM_READLINE) ;
 										 */
 	SV *cmd_line ;
@@ -176,7 +177,7 @@ void init_term_readline(void) {
 
 void init_embedded_perl(void) {
 	char *embedding[] = { "", "p1.pl" };
-										/* embedding takes the place of argv[] ($argv[0] is the program name. 
+										/* embedding takes the place of argv[] ($argv[0] is the program name.
 										 * - which is not given to Perl).
 										 * Note that the number of args (ie the number of elements in embedding
 										 * [argc] is the third argument of perl_parse().
@@ -196,7 +197,7 @@ void init_embedded_perl(void) {
 	PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
 										/* Why is perl_run() necessary ?
 										 * It is needed if the code parsed by perl_parse() has
-										 * any runtime semantics (eg code that gets eval'd, 
+										 * any runtime semantics (eg code that gets eval'd,
 										 * behaviour that depends on constants etc).
 										 */
 	exitstatus=perl_run(my_perl);
@@ -217,10 +218,10 @@ void deinit_embedded_perl(void){
 
 int main(int argc, char **argv, char **env) {
 
-	char command_line[128];
+	char command_line[MAX_INPUT_CHARS];
 
 	init_embedded_perl();
-										/* Calls Perl to load and construct a new 
+										/* Calls Perl to load and construct a new
 										 * Term::ReadLine object.
 										 */
 
@@ -231,7 +232,8 @@ int main(int argc, char **argv, char **env) {
 										 * get_command_line calls Perl to get a scalar from stdin
 										 */
 
-		strncpy(command_line, get_command_line(), 128) ;
+		strncpy(command_line, get_command_line(), MAX_INPUT_CHARS-1) ;
+		command_line[MAX_INPUT_CHARS-1] = '\0';
 
 										/* Perl Term::ReadLine::readline() method chomps the "\n"
 										 * from the end of the input.



