[monitoring-plugins] plugins/check_http.c - leakage fix
Jan Wagner
git at monitoring-plugins.org
Sat Jun 28 22:20:08 CEST 2014
Module: monitoring-plugins
Branch: master
Commit: 5866cb0a09876d6b2a84006bda8aa9de7ea467fd
Author: Spenser Reinhardt <sreinhardt at nagios.com>
Committer: Jan Wagner <waja at cyconet.org>
Date: Sun Jun 22 15:34:25 2014 -0500
URL: https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=5866cb0
plugins/check_http.c - leakage fix
Coverity 66514 - Possible leakage and overflow with addr in redirect functionality. addr is gathered externally and is not confirmed to be null-terminated. Restrict string comparisons and duplications by size. - SR
---
plugins/check_http.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 92861d9..5167997 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1243,6 +1243,7 @@ redir (char *pos, char *status_line)
if (addr == NULL)
die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n"));
+ memset(addr, 0, MAX_IPV4_HOSTLENGTH);
url = malloc (strcspn (pos, "\r\n"));
if (url == NULL)
die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
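Review bot: The `memset` length is written separately from the `malloc` size for `addr`, which sits above this hunk, so the two can drift apart. If the allocation is larger than `MAX_IPV4_HOSTLENGTH` (for example to leave room for a terminator), its last byte stays uninitialised, and that is the byte the bounded reads later in redir depend on. Allocating with `calloc (1, ADDR_ALLOC_SIZE)` (placeholder for the existing size expression) would zero the whole buffer in one step. The `url` buffer on the next line is sized `strcspn (pos, "\r\n")` with no byte for a NUL and is not zeroed. How it is filled is outside the hunk, but `malloc (strcspn (pos, "\r\n") + 1)` would be the safer size.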
@@ -1333,8 +1334,8 @@ redir (char *pos, char *status_line)
max_depth, type, addr, i, url, (display_html ? "</A>" : ""));
if (server_port==i &&
- !strcmp(server_address, addr) &&
- (host_name && !strcmp(host_name, addr)) &&
+ !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
+ (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
!strcmp(server_url, url))
die (STATE_WARNING,
_("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
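Review bot: Bounding the two `strncmp` calls leaves other reads of the same data unbounded: `addr` is passed to the formatted-output call whose arguments end on the first line of this hunk (its format string is outside the hunk, presumably `%s`), and `strcmp(server_url, url)` is unchanged. If `addr` can really arrive without a terminator, forcing one where it is filled protects every later use, e.g. `addr[MAX_IPV4_HOSTLENGTH - 1] = '\0';`, assuming the buffer is at least that large. `strncmp` also now treats two names that share their first `MAX_IPV4_HOSTLENGTH` bytes as equal, so a longer `server_address` or `host_name` could be reported as a redirect loop. A one-line comment stating that this is accepted would help the next reader.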
@@ -1343,11 +1344,11 @@ redir (char *pos, char *status_line)
strcpy (server_type, type);
free (host_name);
- host_name = strdup (addr);
+ host_name = strndup (addr, MAX_IPV4_HOSTLENGTH);
if (!(followsticky & STICKY_HOST)) {
free (server_address);
- server_address = strdup (addr);
+ server_address = strndup (addr, MAX_IPV4_HOSTLENGTH);
}
if (!(followsticky & STICKY_PORT)) {
server_port = i;
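Review bot: Neither `strndup` result is checked, although the `malloc` calls earlier in redir die with STATE_UNKNOWN on NULL. A failed duplication leaves `host_name` or `server_address` NULL after the old value has already been freed, and the request is then built from it. I would add `if (host_name == NULL) die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate host_name\n"));` after the first call and the matching check after the `server_address` assignment. The context line `strcpy (server_type, type)` is also unbounded; both buffer sizes are outside the hunk, so confirm that `type` cannot exceed `server_type`.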
@@ -1366,6 +1367,7 @@ redir (char *pos, char *status_line)
printf (_("Redirection to %s://%s:%d%s\n"), server_type,
host_name ? host_name : server_address, server_port, server_url);
+ free(addr);
check_http ();
}