diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_apt.c | 3 | ||||
-rw-r--r-- | plugins/check_http.c | 10 | ||||
-rw-r--r-- | plugins/check_ntp.c | 13 | ||||
-rw-r--r-- | plugins/check_real.c | 1 | ||||
-rw-r--r-- | plugins/negate.c | 7 |
5 files changed, 24 insertions, 10 deletions
diff --git a/plugins/check_apt.c b/plugins/check_apt.c index 4c76a512..07622c2f 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c @@ -223,6 +223,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ regex_t ireg, ereg, sreg; char *cmdline=NULL, rerrbuf[64]; + /* initialize ereg as it is possible it is printed while uninitialized */ + memset(&ereg, "\0", sizeof(ereg.buffer)); + if(upgrade==NO_UPGRADE) return STATE_OK; /* compile the regexps */ diff --git a/plugins/check_http.c b/plugins/check_http.c index 92861d97..51679975 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -1243,6 +1243,7 @@ redir (char *pos, char *status_line) if (addr == NULL) die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n")); + memset(addr, 0, MAX_IPV4_HOSTLENGTH); url = malloc (strcspn (pos, "\r\n")); if (url == NULL) die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n")); @@ -1333,8 +1334,8 @@ redir (char *pos, char *status_line) max_depth, type, addr, i, url, (display_html ? "</A>" : "")); if (server_port==i && - !strcmp(server_address, addr) && - (host_name && !strcmp(host_name, addr)) && + !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) && + (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) && !strcmp(server_url, url)) die (STATE_WARNING, _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), @@ -1343,11 +1344,11 @@ redir (char *pos, char *status_line) strcpy (server_type, type); free (host_name); - host_name = strdup (addr); + host_name = strndup (addr, MAX_IPV4_HOSTLENGTH); if (!(followsticky & STICKY_HOST)) { free (server_address); - server_address = strdup (addr); + server_address = strndup (addr, MAX_IPV4_HOSTLENGTH); } if (!(followsticky & STICKY_PORT)) { server_port = i; @@ -1366,6 +1367,7 @@ redir (char *pos, char *status_line) printf (_("Redirection to %s://%s:%d%s\n"), server_type, host_name ? host_name : server_address, server_port, server_url); + free(addr); check_http (); } diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 0a7640a7..09a923eb 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -517,13 +517,14 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){ double jitter_request(const char *host, int *status){ int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; - int peers_size=0, peer_offset=0; + int peers_size=0, peer_offset=0, bytes_read=0; ntp_assoc_status_pair *peers=NULL; ntp_control_message req; const char *getvar = "jitter"; double rval = 0.0, jitter = -1.0; char *startofvalue=NULL, *nptr=NULL; void *tmp; + int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2; /* Long-winded explanation: * Getting the jitter requires a number of steps: @@ -608,7 +609,15 @@ double jitter_request(const char *host, int *status){ req.count = htons(MAX_CM_SIZE); DBG(printf("recieving READVAR response...\n")); - read(conn, &req, SIZEOF_NTPCM(req)); + + /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/ + if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1) + die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno)); + if (bytes_read != ntp_cm_ints + req.count) + die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); + /* else null terminate */ + strncpy(req.data[req.count], "\0", 1); + DBG(print_ntp_control_message(&req)); if(req.op&REM_ERROR && strstr(getvar, "jitter")) { diff --git a/plugins/check_real.c b/plugins/check_real.c index 47776c5b..36f64134 100644 --- a/plugins/check_real.c +++ b/plugins/check_real.c @@ -178,6 +178,7 @@ main (int argc, char **argv) /* watch for the REAL connection string */ result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0); + buffer[result] = "\0"; /* null terminate recieved buffer */ /* return a CRITICAL status if we couldn't read any data */ if (result == -1) { diff --git a/plugins/negate.c b/plugins/negate.c index 4bd09deb..d512e346 100644 --- a/plugins/negate.c +++ b/plugins/negate.c @@ -44,7 +44,7 @@ const char *email = "devel@monitoring-plugins.org"; /* char *command_line; */ static const char **process_arguments (int, char **); -int validate_arguments (char **); +void validate_arguments (char **); void print_help (void); void print_usage (void); int subst_text = FALSE; @@ -98,8 +98,7 @@ main (int argc, char **argv) die (max_state_alt (result, STATE_UNKNOWN), _("No data returned from command\n")); for (i = 0; i < chld_out.lines; i++) { - if (subst_text && result != state[result] && - result >= 0 && result <= 4) { + if (subst_text && result >= 0 && result <= 4 && result != state[result]) { /* Loop over each match found */ while ((sub = strstr (chld_out.line[i], state_text (result)))) { /* Terminate the first part and skip over the string we'll substitute */ @@ -206,7 +205,7 @@ process_arguments (int argc, char **argv) } -int +void validate_arguments (char **command_line) { if (command_line[0] == NULL) |