diff options
| author |  Holger Weiss <hweiss@users.sourceforge.net>
| 2007-06-15 18:37:13 +0000 |
|---|---|---|
| committer | Holger Weiss <hweiss@users.sourceforge.net>
| 2007-06-15 18:37:13 +0000 |
| commit | ba3112f4c9e6521901ee2ad6e4268e1f06740b5a (patch) | |
| tree | 0182b8a607fe5876159b39277b04c5351ab3adce | |
| parent | 0dc4801791d956c3d4d2059b6fcdd249fe152df5 (diff) | |
| download | monitoring-plugins-ba3112f4c9e6521901ee2ad6e4268e1f06740b5a.tar.gz | |
When following redirects, the plugin supported 'Location:' header fields
which spanned multiple lines. However, it was not checked whether extra
lines are preceeded with white space, which could lead to the following
header field name being interpreted as the value of the 'Location:'
field if the latter was empty for some reason.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1741 f882894a-f735-0410-b71e-b25c423dba1c
| -rw-r--r-- | plugins/check_http.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index f2f7a18a..6773e65b 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -1099,7 +1099,19 @@ redir (char *pos, char *status_line) } pos += i; - pos += strspn (pos, " \t\r\n"); + pos += strspn (pos, " \t"); + + /* + * RFC 2616 (4.2): ``Header fields can be extended over multiple lines by + * preceding each extra line with at least one SP or HT.'' + */ + for (; (i = strspn (pos, "\r\n")); pos += i) { + pos += i; + if (!(i = strspn (pos, " \t"))) { + die (STATE_UNKNOWN, _("HTTP UNKNOWN - Empty redirect location%s\n"), + display_html ? "</A>" : ""); + } + } url = realloc (url, strcspn (pos, "\r\n") + 1); if (url == NULL) |