author | Spenser Reinhardt <sreinhardt@nagios.com> | 2014-06-22 15:34:25 -0500 |
---|---|---|
committer | Jan Wagner <waja@cyconet.org> | 2014-06-28 18:21:26 +0200 |
commit | 5866cb0a09876d6b2a84006bda8aa9de7ea467fd (patch) | |
tree | 5e188731874aa5ff73e8eb88e27c56028e3afa46 | |
parent | a04df3e1b67dc5eab3adc202cc89901f801cdeaa (diff) | |
download | monitoring-plugins-5866cb0.tar.gz |
plugins/check_http.c - leakage fix
Coverity 66514 - Possible leakage and overflow with addr in redirect functionality. Not confirmed as null terminated, and externally gathered. Restrict string comparisons and duplications by size. - SR
-rw-r--r-- | plugins/check_http.c | 10 |
1 files changed, 6 insertions, 4 deletions
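--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1243,6 +1243,7 @@ redir (char *pos, char *status_line)
 if (addr == NULL)
 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n"));
 
+memset(addr, 0, MAX_IPV4_HOSTLENGTH);
 url = malloc (strcspn (pos, "\r\n"));
 if (url == NULL)
 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
@@ -1333,8 +1334,8 @@ redir (char *pos, char *status_line)
 max_depth, type, addr, i, url, (display_html ? "</A>" : ""));
 
 if (server_port==i &&
-!strcmp(server_address, addr) &&
-(host_name && !strcmp(host_name, addr)) &&
+!strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
+(host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
 !strcmp(server_url, url))
 die (STATE_WARNING,
 _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
@@ -1343,11 +1344,11 @@ redir (char *pos, char *status_line)
 strcpy (server_type, type);
 
 free (host_name);
-host_name = strdup (addr);
+host_name = strndup (addr, MAX_IPV4_HOSTLENGTH);
 
 if (!(followsticky & STICKY_HOST)) {
 free (server_address);
-server_address = strdup (addr);
+server_address = strndup (addr, MAX_IPV4_HOSTLENGTH);
 }
 if (!(followsticky & STICKY_PORT)) {
 server_port = i;
@@ -1366,6 +1367,7 @@ redir (char *pos, char *status_line)
 printf (_("Redirection to %s://%s:%d%s\n"), server_type,
 host_name ? host_name : server_address, server_port, server_url);
 
+free(addr);
 check_http ();
 }
 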
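Review bot: Bounding the two `strncmp` and two `strndup` calls protects only those four sites; `addr` is still passed unbounded to the output call that ends at new line 1334 (`max_depth, type, addr, i, url, ...`), so an unterminated `addr` would still be over-read there. Termination is better guaranteed once, where the buffer is filled: the new `memset(addr, 0, MAX_IPV4_HOSTLENGTH);` at new line 1246 clears exactly that many bytes, and if the allocation is one byte larger (it is outside the hunk, so this is unconfirmed) the terminator slot is the one byte left uninitialised. Sizing the clear to the allocation, e.g. `memset(addr, 0, MAX_IPV4_HOSTLENGTH + 1);` under that assumption, or setting the last byte to `'\0'` after the parse, would make the later `%s` uses safe without per-call bounds. The `strndup` results at new lines 1347 and 1351 are also stored without a NULL check, unlike the `malloc` results above, which `die` with STATE_UNKNOWN. redir begins before the first hunk, so the allocation and the parsing of `addr` are not visible here.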