From 9bd7ee34072d65125a0b96ebafc3daddf34f26c7 Mon Sep 17 00:00:00 2001
From: Tobias Oetiker <tobi@oetiker.ch>
Date: Tue, 8 Sep 2015 22:58:21 +0200
Subject: [PATCH] fix for buffer overflow in rrd_restore.c #669

---
 CHANGES           | 2 +-
 src/rrd_restore.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index a83d56d5..7f53f649 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,7 +5,7 @@ Bugfixes
 --------
 * shorten test precision to 7 digits ... 
 * never exit from a library function
-
+* buffer overflow in rrd_restore.c fixed #669
 
 RRDtool 1.5.4 - 2015-08-09
 ==========================
diff --git a/src/rrd_restore.c b/src/rrd_restore.c
index 27365a7c..7292dff0 100644
--- a/src/rrd_restore.c
+++ b/src/rrd_restore.c
@@ -545,7 +545,7 @@ static int parse_tag_rra_cdp_prep_ds_history(
     int       i;
     if ((history = get_xml_text(reader)) != NULL){
         history_ptr = (char *) (&cdp_prep->scratch[0]);
-        for (i = 0; history[i] != '\0'; i++)
+        for (i = 0; history[i] != '\0' && i < MAX_CDP_PAR_EN; i++)
             history_ptr[i] = (history[i] == '1') ? 1 : 0;
         xmlFree(history);        
         return 0;        
-- 
2.47.2