Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1533304989100430"
MIME-Version: 1.0
Date: Fri, 3 Aug 2018 14:03:09 +0000
From: "Emmanuel Dreyfus" <manu@netbsd.org>
Subject: CVS commit: pkgsrc/net/nagios-plugins
To: pkgsrc-changes@NetBSD.org
Reply-To: manu@netbsd.org
Message-Id: <20180803140309.DEF6DFBEC@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1533304989100430
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	manu
Date:		Fri Aug  3 14:03:09 UTC 2018

Modified Files:
	pkgsrc/net/nagios-plugins: distinfo
Added Files:
	pkgsrc/net/nagios-plugins/patches: patch-plugins_check_nagios.c

Log Message:
Crash fix: initialize variable, check bounds on string copy.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/net/nagios-plugins/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/net/nagios-plugins/patches/patch-plugins_check_nagios.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1533304989100430
Content-Disposition: inline
Content-Length: 2199
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/net/nagios-plugins/distinfo
diff -u pkgsrc/net/nagios-plugins/distinfo:1.23 pkgsrc/net/nagios-plugins/distinfo:1.24
--- pkgsrc/net/nagios-plugins/distinfo:1.23	Wed Nov  8 03:20:48 2017
+++ pkgsrc/net/nagios-plugins/distinfo	Fri Aug  3 14:03:09 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.23 2017/11/08 03:20:48 taca Exp $
+$NetBSD: distinfo,v 1.24 2018/08/03 14:03:09 manu Exp $
 
 SHA1 (nagios-plugins-2.2.1.tar.gz) = 0d3fc8876343a906f0dcc2c00850e4ad956a150a
 RMD160 (nagios-plugins-2.2.1.tar.gz) = 39c364ac08854a1829d47562d4add1ae58a49334
@@ -15,3 +15,4 @@ SHA1 (patch-plugins-scripts_check__breez
 SHA1 (patch-plugins-scripts_check__wave.pl) = 535b008877cad780afa2ed3429ffb84e7da3ec28
 SHA1 (patch-plugins__check_swap.c) = b822de3488ecace977a739ebcfc56229763cd945
 SHA1 (patch-plugins_check__radius.c) = 3f86bac4f7aa52931bad46d9ee4a421c2ee744f3
+SHA1 (patch-plugins_check_nagios.c) = a137ba674b2b61daa3af9a7be705d30af4a48aa8

Added files:

Index: pkgsrc/net/nagios-plugins/patches/patch-plugins_check_nagios.c
diff -u /dev/null pkgsrc/net/nagios-plugins/patches/patch-plugins_check_nagios.c:1.1
--- /dev/null	Fri Aug  3 14:03:09 2018
+++ pkgsrc/net/nagios-plugins/patches/patch-plugins_check_nagios.c	Fri Aug  3 14:03:09 2018
@@ -0,0 +1,29 @@
+$NetBSD: patch-plugins_check_nagios.c,v 1.1 2018/08/03 14:03:09 manu Exp $
+
+Crash fix: initialize variable, check bounds on string copy.
+
+--- plugins/check_nagios.c.orig
++++ plugins/check_nagios.c
+@@ -71,9 +71,9 @@
+ 	char procstat[8];
+ #ifdef PS_USES_PROCETIME
+ 	char procetime[MAX_INPUT_BUFFER];
+ #endif /* PS_USES_PROCETIME */
+-	char procprog[MAX_INPUT_BUFFER];
++	char procprog[MAX_INPUT_BUFFER] = { '\0' };
+ 	char *procargs;
+ 	int pos, cols;
+ 	int expected_cols = PS_COLS - 1;
+ 	const char *zombie = "Z";
+@@ -143,9 +143,10 @@
+ 
+ 			/* Some ps return full pathname for command. This removes path */
+ 			temp_string = strtok ((char *)procprog, "/");
+ 			while (temp_string) {
+-				strcpy(procprog, temp_string);
++				strncpy(procprog, temp_string, sizeof(procprog));
++				procprog[sizeof(procprog) - 1] = '\0';
+ 				temp_string = strtok (NULL, "/");
+ 			}
+ 
+ 			/* May get empty procargs */


--_----------=_1533304989100430--