[mod_rrdtool] fix invalid read (string not null terminated)

From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2940 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:03 +00:00 · 2014-02-14 21:06:03 +00:00 · 0aaf939e5e
parent fc3a060a04
commit 0aaf939e5e
2 changed files with 4 additions and 2 deletions
--- a/1
+++ b/1
@ -6,6 +6,7 @@ NEWS
 - 1.4.35
  * [network/ssl] fix build error if TLSEXT is disabled
  * [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)
+  * [mod_rrdtool] fix invalid read (string not null terminated)

 - 1.4.34
  * [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
--- a/src/mod_rrdtool.c
+++ b/src/mod_rrdtool.c
@ -437,7 +437,7 @@ TRIGGER_FUNC(mod_rrd_trigger) {
 		}

 		buffer_prepare_copy(p->resp, 4096);
-		if (-1 == (r = safe_read(p->read_fd, p->resp->ptr, p->resp->size))) {
+		if (-1 == (r = safe_read(p->read_fd, p->resp->ptr, p->resp->size - 1))) {
 			p->rrdtool_running = 0;

 			log_error_write(srv, __FILE__, __LINE__, "ss",
@ -446,7 +446,8 @@ TRIGGER_FUNC(mod_rrd_trigger) {
 			return HANDLER_ERROR;
 		}

-		p->resp->used = r;
+		p->resp->used = r + 1;
+		p->resp->ptr[r] = '\0';

 		if (p->resp->ptr[0] != 'O' ||
 		    p->resp->ptr[1] != 'K') {