[Nagiosplug-checkins] SF.net SVN: nagiosplug:[2052] nagiosplug/trunk

dermoth at users.sourceforge.net dermoth at users.sourceforge.net
Tue Sep 2 05:42:16 CEST 2008

Previous message: [Nagiosplug-checkins] SF.net SVN: nagiosplug:[2051] nagiosplug/trunk
Next message: [Nagiosplug-checkins] SF.net SVN: nagiosplug:[2053] nagiosplug/trunk
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Revision: 2052
          http://nagiosplug.svn.sourceforge.net/nagiosplug/?rev=2052&view=rev
Author:   dermoth
Date:     2008-09-02 03:42:16 +0000 (Tue, 02 Sep 2008)

Log Message:
-----------
Fix possible segfault in check_ntp_peer with deliberately invalid packets

Modified Paths:
--------------
    nagiosplug/trunk/NEWS
    nagiosplug/trunk/plugins/check_ntp_peer.c

Modified: nagiosplug/trunk/NEWS
===================================================================
--- nagiosplug/trunk/NEWS	2008-09-01 14:04:22 UTC (rev 2051)
+++ nagiosplug/trunk/NEWS	2008-09-02 03:42:16 UTC (rev 2052)
@@ -11,7 +11,8 @@
 	check_icmp now supports packet size modification
 	check_http -e now accepts a comma-delimited list of expected status codes
 	libtap now included with this distribution for easier testing. Run ./configure with --enable-libtap
-	check_ntp_peer/check_ntp_time used to show port in --help but ignored the argument - now implemented.
+	check_ntp_peer/check_ntp_time used to show port in --help but ignored the argument - now implemented
+	Fix possible segfault in check_ntp_peer with deliberately invalid packets
 
 1.4.12 27th May 2008
 	Added ./check_nt -v INSTANCES to count number of instances (Alessandro Ren)

Modified: nagiosplug/trunk/plugins/check_ntp_peer.c
===================================================================
--- nagiosplug/trunk/plugins/check_ntp_peer.c	2008-09-01 14:04:22 UTC (rev 2051)
+++ nagiosplug/trunk/plugins/check_ntp_peer.c	2008-09-02 03:42:16 UTC (rev 2052)
@@ -299,6 +299,9 @@
 		if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
 			die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
 		DBG(print_ntp_control_message(&req));
+		/* discard obviously invalid packets */
+		if (ntohs(req.count) > MAX_CM_SIZE)
+			die(STATE_CRITICAL, "NTP CRITICAL: Invalid paclet received from NTP server\n");
 		if (LI(req.flags) == LI_ALARM) li_alarm = 1;
 		/* Each peer identifier is 4 bytes in the data section, which
 	 	 * we represent as a ntp_assoc_status_pair datatype.


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Previous message: [Nagiosplug-checkins] SF.net SVN: nagiosplug:[2051] nagiosplug/trunk
Next message: [Nagiosplug-checkins] SF.net SVN: nagiosplug:[2053] nagiosplug/trunk
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list