0004594: nmeter buffer overflow

[Cristian Cadar]

http://bugs.busybox.net/view.php?id=4594

Test case: ./nmeter -

The problem in in nmeter.c:

776: char buf[32];
...

790: if (open_read_close("version", buf, sizeof(buf)) > 0)
791:    is26 = (strstr(buf, " 2.4.")==NULL);

At line 790, up to 32 chars are read into buf. If all 32 chars are
used, there's no space left for a terminating zero, and strstr will
read out-of-bounds memory. The fix would be to either resize buf or
read only up to sizeof(buf)-1 char, and to terminate buf with a '\0'.

Thanks,
Cristian