From: Tobias Oetiker <tobi@oetiker.ch>
Date: Tue, 8 Sep 2015 20:58:21 +0000 (+0200)
Subject: fix for buffer overflow in rrd_restore.c #669
X-Git-Tag: v1.5.5~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e36c800766a847f10bca8c20ee461fd7261c9fa3;p=thirdparty%2Frrdtool-1.x.git

fix for buffer overflow in rrd_restore.c #669
---

diff --git a/CHANGES b/CHANGES
index a83d56d5..7f53f649 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,7 +5,7 @@ Bugfixes
 --------
 * shorten test precision to 7 digits ... 
 * never exit from a library function
-
+* buffer overflow in rrd_restore.c fixed #669
 
 RRDtool 1.5.4 - 2015-08-09
 ==========================
diff --git a/src/rrd_restore.c b/src/rrd_restore.c
index 27365a7c..7292dff0 100644
--- a/src/rrd_restore.c
+++ b/src/rrd_restore.c
@@ -545,7 +545,7 @@ static int parse_tag_rra_cdp_prep_ds_history(
     int       i;
     if ((history = get_xml_text(reader)) != NULL){
         history_ptr = (char *) (&cdp_prep->scratch[0]);
-        for (i = 0; history[i] != '\0'; i++)
+        for (i = 0; history[i] != '\0' && i < MAX_CDP_PAR_EN; i++)
             history_ptr[i] = (history[i] == '1') ? 1 : 0;
         xmlFree(history);        
         return 0;