pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/net/nagios-plugin-snmp Fix SNMP GET reply buffer overf...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/8d95ce765e7b
branches:  trunk
changeset: 540027:8d95ce765e7b
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sat Mar 22 15:00:14 2008 +0000

description:
Fix SNMP GET reply buffer overflow in nagios-plugin-snmp version 1.4.3nb1
(CVE-2007-5623, ticket #16441)
Approved-by: gdt, joerg

diffstat:

 net/nagios-plugin-snmp/Makefile         |   6 ++--
 net/nagios-plugin-snmp/distinfo         |   3 +-
 net/nagios-plugin-snmp/patches/patch-aa |  38 +++++++++++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 4 deletions(-)

diffs (74 lines):

diff -r a12ee4344fda -r 8d95ce765e7b net/nagios-plugin-snmp/Makefile
--- a/net/nagios-plugin-snmp/Makefile   Sat Mar 22 14:54:20 2008 +0000
+++ b/net/nagios-plugin-snmp/Makefile   Sat Mar 22 15:00:14 2008 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.7 2008/01/18 05:08:45 tnn Exp $
+# $NetBSD: Makefile,v 1.8 2008/03/22 15:00:14 tonnerre Exp $
 #
 
 PKGNAME=       nagios-plugin-snmp-${PLUGINSVERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    net sysutils
 
-MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
+MAINTAINER=    tonnerre%NetBSD.org@localhost
 COMMENT=       Nagios snmp plugins
 
 DEPENDS+=      nagios-plugins-${PLUGINSVERSION}{,nb[0-9]*}:../../net/nagios-plugins
diff -r a12ee4344fda -r 8d95ce765e7b net/nagios-plugin-snmp/distinfo
--- a/net/nagios-plugin-snmp/distinfo   Sat Mar 22 14:54:20 2008 +0000
+++ b/net/nagios-plugin-snmp/distinfo   Sat Mar 22 15:00:14 2008 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.3 2006/10/16 08:40:45 seb Exp $
+$NetBSD: distinfo,v 1.4 2008/03/22 15:00:14 tonnerre Exp $
 
 SHA1 (nagios-plugins-1.4.3.tar.gz) = c26fc2f31d7579c3a8174dcd1965046c4b1c8d37
 RMD160 (nagios-plugins-1.4.3.tar.gz) = bc1d4f8cddd481775c514758a462fe533e01e846
 Size (nagios-plugins-1.4.3.tar.gz) = 1257775 bytes
+SHA1 (patch-aa) = 90672697d121f4fba242d50e87bffd3a4fce8921
 SHA1 (patch-ad) = 75bb44093f1fe0d18668cb9aec787d760fe16ad4
 SHA1 (patch-ae) = 42a2767b290e4a10c93f170e85138e8c639906dc
 SHA1 (patch-ak) = c3d9f6ea9a971c45ec4159f800c2a975a3013c82
diff -r a12ee4344fda -r 8d95ce765e7b net/nagios-plugin-snmp/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/nagios-plugin-snmp/patches/patch-aa   Sat Mar 22 15:00:14 2008 +0000
@@ -0,0 +1,38 @@
+$NetBSD: patch-aa,v 1.1 2008/03/22 15:00:14 tonnerre Exp $
+
+--- plugins/check_snmp.c.orig  2005-10-31 21:03:19.000000000 +0100
++++ plugins/check_snmp.c
+@@ -203,12 +203,16 @@ main (int argc, char **argv)
+ 
+       ptr = output;
+ 
+-      strcat(perfstr, "| ");
++      strncat(perfstr, "| ", sizeof(perfstr)-strlen(perfstr)-1);
+       while (ptr) {
+               char *foo;
++              size_t copylen;
+ 
+               foo = strstr (ptr, delimiter);
+-              strncat(perfstr, ptr, foo-ptr);
++              copylen = foo-ptr;
++              if (copylen > sizeof(perfstr)-strlen(perfstr)-1)
++                      copylen = sizeof(perfstr)-strlen(perfstr)-1;
++              strncat(perfstr, ptr, copylen);
+               ptr = foo; 
+ 
+               if (ptr == NULL)
+@@ -338,9 +342,11 @@ main (int argc, char **argv)
+ 
+               i++;
+ 
+-              char *str[MAX_INPUT_BUFFER];
+-              asprintf(str, "=%s%s;;;; ", show, type ? type : "");
+-              strcat(perfstr, *str);
++              strncat(perfstr, "=", sizeof(perfstr)-strlen(perfstr)-1);
++              strncat(perfstr, show, sizeof(perfstr)-strlen(perfstr)-1);
++              if (type)
++                      strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
++              strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
+ 
+       }       /* end while (ptr) */
+ 
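Review bot: In the first check_snmp.c hunk, `copylen = foo-ptr;` runs before the `ptr == NULL` test, so when strstr() finds no delimiter the subtraction is performed on a NULL pointer, which is undefined behaviour; it only works because the wrapped value is then clamped to the remaining space. Making the last-field case explicit, `copylen = foo ? (size_t)(foo - ptr) : strlen(ptr);`, keeps the bound without depending on that. The `sizeof(perfstr)` bounds in both hunks are correct only if perfstr is a true array in main(), whose declaration lies outside the hunks, so that should be confirmed. The second hunk also stops emitting the `;;;;` suffix that the old asprintf() format appended, and truncation is silent, so performance-data consumers may see changed or cut-off fields; a comment stating that both are intended would help.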


