rrdtool: Ensure data read by the parser is always NULL terminated

To seal out any possible denial of service attacs, do not expect the
parsers to return data that is NULL terminated.

Signed-off-by: Timo Kokkonen <timo.t.kokkonen@iki.fi>

diff --git a/rrdtool.c b/rrdtool.c
index 8f6bc4a43f3568a385665760f827d204519950db..76540b8f0c2843fabef3f5c47bcad2563b3f1c20 100644 (file)
--- a/rrdtool.c
+++ b/rrdtool.c
@@ -198,7 +198,7 @@ static int sanitize_rrd_update_data(char *data)
 int rrdtool_update_data(struct rrd_database *rrd)
 {
        int pid;
-       char data[RRD_DATA_MAX_LEN + 2];
+       char data[RRD_DATA_MAX_LEN + 3]; /* 3 == "N:" + NULL termination */
        char cmd[] = RRDTOOL_CMD;
 //     char cmd[] = "echo";
        char *const cmdline[] = {
@@ -218,6 +218,8 @@ int rrdtool_update_data(struct rrd_database *rrd)
 
        if (rrd->parse) {
                rrd->parse(data + l, rrd->parser_data);
+               data[RRD_DATA_MAX_LEN + 2] = '\0';
+
                sanitize_rrd_update_data(data + l);
                pid = run(cmd, cmdline);
                harvest_zombies(pid);