Merge pull request #1825 from cpu/cpu-fix-rootcheck-decoder-heap-over…

…flow analysisd: fix heap overflow in rootkit decoder.
ossec · Jan 17, 2020 · 0f3b176 · 0f3b176
2 parents 942f1cf + 1fe7768
commit 0f3b176
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/analysisd/decoders/rootcheck.c b/src/analysisd/decoders/rootcheck.c
@@ -56,7 +56,7 @@ static FILE *RK_File(const char *agent, int *agent_id)
     int i = 0;
     char rk_buf[OS_SIZE_1024 + 1];
 
-    while (rk_agent_ips[i] != NULL) {
+    while (i < MAX_AGENTS && rk_agent_ips[i] != NULL) {
         if (strcmp(rk_agent_ips[i], agent) == 0) {
             /* Pointing to the beginning of the file */
             fseek(rk_agent_fps[i], 0, SEEK_SET);
@@ -67,6 +67,12 @@ static FILE *RK_File(const char *agent, int *agent_id)
         i++;
     }
 
+    /* If here, our agent wasn't found */
+    if (i == MAX_AGENTS) {
+        merror("%s: Unable to open rootcheck file. Increase MAX_AGENTS.", ARGV0);
+        return (NULL);
+    }
+
     /* If here, our agent wasn't found */
     rk_agent_ips[i] = strdup(agent);