aboutsummaryrefslogtreecommitdiff
path: root/plugins
diff options
context:
space:
mode:
authorGravatar Sven Nierlein <sven@nierlein.org> 2014-06-28 22:14:02 +0200
committerGravatar Sven Nierlein <sven@nierlein.org> 2014-06-28 22:14:02 +0200
commitea8ab2002cd72f657582f4dd0a0580bd10131401 (patch)
tree43245ea6bf7f3e7cd0e6ca344dfc94c68189cca2 /plugins
parente566021a54c500aa2ee0f17bfe4f95d1fd1be243 (diff)
parent9123f6146c5dd3285d8fb78cf3a8cd52bad17ec1 (diff)
downloadmonitoring-plugins-ea8ab2002cd72f657582f4dd0a0580bd10131401.tar.gz
Merge pull request #1263 from waja/coverity_fixes
Serveral coverity fixes from nagios-plugins
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_apt.c3
-rw-r--r--plugins/check_http.c10
-rw-r--r--plugins/check_ntp.c13
-rw-r--r--plugins/check_real.c1
-rw-r--r--plugins/negate.c7
5 files changed, 24 insertions, 10 deletions
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index 4c76a512..07622c2f 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -223,6 +223,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
regex_t ireg, ereg, sreg;
char *cmdline=NULL, rerrbuf[64];
+ /* initialize ereg as it is possible it is printed while uninitialized */
+ memset(&ereg, "\0", sizeof(ereg.buffer));
+
if(upgrade==NO_UPGRADE) return STATE_OK;
/* compile the regexps */
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 92861d97..51679975 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1243,6 +1243,7 @@ redir (char *pos, char *status_line)
if (addr == NULL)
die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n"));
+ memset(addr, 0, MAX_IPV4_HOSTLENGTH);
url = malloc (strcspn (pos, "\r\n"));
if (url == NULL)
die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
@@ -1333,8 +1334,8 @@ redir (char *pos, char *status_line)
max_depth, type, addr, i, url, (display_html ? "</A>" : ""));
if (server_port==i &&
- !strcmp(server_address, addr) &&
- (host_name && !strcmp(host_name, addr)) &&
+ !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
+ (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
!strcmp(server_url, url))
die (STATE_WARNING,
_("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
@@ -1343,11 +1344,11 @@ redir (char *pos, char *status_line)
strcpy (server_type, type);
free (host_name);
- host_name = strdup (addr);
+ host_name = strndup (addr, MAX_IPV4_HOSTLENGTH);
if (!(followsticky & STICKY_HOST)) {
free (server_address);
- server_address = strdup (addr);
+ server_address = strndup (addr, MAX_IPV4_HOSTLENGTH);
}
if (!(followsticky & STICKY_PORT)) {
server_port = i;
@@ -1366,6 +1367,7 @@ redir (char *pos, char *status_line)
printf (_("Redirection to %s://%s:%d%s\n"), server_type,
host_name ? host_name : server_address, server_port, server_url);
+ free(addr);
check_http ();
}
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 0a7640a7..09a923eb 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -517,13 +517,14 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
double jitter_request(const char *host, int *status){
int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
- int peers_size=0, peer_offset=0;
+ int peers_size=0, peer_offset=0, bytes_read=0;
ntp_assoc_status_pair *peers=NULL;
ntp_control_message req;
const char *getvar = "jitter";
double rval = 0.0, jitter = -1.0;
char *startofvalue=NULL, *nptr=NULL;
void *tmp;
+ int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2;
/* Long-winded explanation:
* Getting the jitter requires a number of steps:
@@ -608,7 +609,15 @@ double jitter_request(const char *host, int *status){
req.count = htons(MAX_CM_SIZE);
DBG(printf("recieving READVAR response...\n"));
- read(conn, &req, SIZEOF_NTPCM(req));
+
+ /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/
+ if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1)
+ die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno));
+ if (bytes_read != ntp_cm_ints + req.count)
+ die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count);
+ /* else null terminate */
+ strncpy(req.data[req.count], "\0", 1);
+
DBG(print_ntp_control_message(&req));
if(req.op&REM_ERROR && strstr(getvar, "jitter")) {
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 47776c5b..36f64134 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -178,6 +178,7 @@ main (int argc, char **argv)
/* watch for the REAL connection string */
result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
+ buffer[result] = "\0"; /* null terminate recieved buffer */
/* return a CRITICAL status if we couldn't read any data */
if (result == -1) {
diff --git a/plugins/negate.c b/plugins/negate.c
index 4bd09deb..d512e346 100644
--- a/plugins/negate.c
+++ b/plugins/negate.c
@@ -44,7 +44,7 @@ const char *email = "devel@monitoring-plugins.org";
/* char *command_line; */
static const char **process_arguments (int, char **);
-int validate_arguments (char **);
+void validate_arguments (char **);
void print_help (void);
void print_usage (void);
int subst_text = FALSE;
@@ -98,8 +98,7 @@ main (int argc, char **argv)
die (max_state_alt (result, STATE_UNKNOWN), _("No data returned from command\n"));
for (i = 0; i < chld_out.lines; i++) {
- if (subst_text && result != state[result] &&
- result >= 0 && result <= 4) {
+ if (subst_text && result >= 0 && result <= 4 && result != state[result]) {
/* Loop over each match found */
while ((sub = strstr (chld_out.line[i], state_text (result)))) {
/* Terminate the first part and skip over the string we'll substitute */
@@ -206,7 +205,7 @@ process_arguments (int argc, char **argv)
}
-int
+void
validate_arguments (char **command_line)
{
if (command_line[0] == NULL)