summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLorenz <12514511+RincewindsHat@users.noreply.github.com>2023-03-12 10:59:39 +0100
committerGitHub <noreply@github.com>2023-03-12 10:59:39 +0100
commit73c24a393b79940b109b3c3608a4008a7fca44f4 (patch)
treec0eeb5952582a300ec6eef639473b6861339a333
parent357787868b5201ec3e874e7a225b1c944cbbdb4d (diff)
parentea53555f2d6254da5fec0c1061899a01dd5321ec (diff)
downloadmonitoring-plugins-73c24a3.tar.gz
Merge pull request #1847 from monitoring-plugins/curlfix1845
Fix for SSL host list messup when picking from multiple IPs (#1844)
-rw-r--r--plugins/check_curl.c50
1 files changed, 35 insertions, 15 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index c37d45d9..e5be1ad5 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -384,8 +384,11 @@ int
384lookup_host (const char *host, char *buf, size_t buflen) 384lookup_host (const char *host, char *buf, size_t buflen)
385{ 385{
386 struct addrinfo hints, *res, *result; 386 struct addrinfo hints, *res, *result;
387 char addrstr[100];
388 size_t addrstr_len;
387 int errcode; 389 int errcode;
388 void *ptr; 390 void *ptr;
391 size_t buflen_remaining = buflen - 1;
389 392
390 memset (&hints, 0, sizeof (hints)); 393 memset (&hints, 0, sizeof (hints));
391 hints.ai_family = address_family; 394 hints.ai_family = address_family;
@@ -395,26 +398,40 @@ lookup_host (const char *host, char *buf, size_t buflen)
395 errcode = getaddrinfo (host, NULL, &hints, &result); 398 errcode = getaddrinfo (host, NULL, &hints, &result);
396 if (errcode != 0) 399 if (errcode != 0)
397 return errcode; 400 return errcode;
398 401
402 strcpy(buf, "");
399 res = result; 403 res = result;
400 404
401 while (res) { 405 while (res) {
402 inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); 406 switch (res->ai_family) {
403 switch (res->ai_family) { 407 case AF_INET:
404 case AF_INET: 408 ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
405 ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; 409 break;
406 break; 410 case AF_INET6:
407 case AF_INET6: 411 ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
408 ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; 412 break;
409 break;
410 } 413 }
411 inet_ntop (res->ai_family, ptr, buf, buflen); 414
412 if (verbose >= 1) 415 inet_ntop (res->ai_family, ptr, addrstr, 100);
416 if (verbose >= 1) {
413 printf ("* getaddrinfo IPv%d address: %s\n", 417 printf ("* getaddrinfo IPv%d address: %s\n",
414 res->ai_family == PF_INET6 ? 6 : 4, buf); 418 res->ai_family == PF_INET6 ? 6 : 4, addrstr);
419 }
420
421 // Append all IPs to buf as a comma-separated string
422 addrstr_len = strlen(addrstr);
423 if (buflen_remaining > addrstr_len + 1) {
424 if (buf[0] != '\0') {
425 strncat(buf, ",", buflen_remaining);
426 buflen_remaining -= 1;
427 }
428 strncat(buf, addrstr, buflen_remaining);
429 buflen_remaining -= addrstr_len;
430 }
431
415 res = res->ai_next; 432 res = res->ai_next;
416 } 433 }
417 434
418 freeaddrinfo(result); 435 freeaddrinfo(result);
419 436
420 return 0; 437 return 0;
@@ -445,7 +462,7 @@ check_http (void)
445 int i; 462 int i;
446 char *force_host_header = NULL; 463 char *force_host_header = NULL;
447 struct curl_slist *host = NULL; 464 struct curl_slist *host = NULL;
448 char addrstr[100]; 465 char addrstr[DEFAULT_BUFFER_SIZE/2];
449 char dnscache[DEFAULT_BUFFER_SIZE]; 466 char dnscache[DEFAULT_BUFFER_SIZE];
450 467
451 /* initialize curl */ 468 /* initialize curl */
@@ -497,7 +514,7 @@ check_http (void)
497 514
498 // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy 515 // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
499 if(use_ssl && host_name != NULL) { 516 if(use_ssl && host_name != NULL) {
500 if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { 517 if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
501 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), 518 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
502 server_address, res, gai_strerror (res)); 519 server_address, res, gai_strerror (res));
503 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 520 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
@@ -792,6 +809,9 @@ check_http (void)
792 /* free header and server IP resolve lists, we don't need it anymore */ 809 /* free header and server IP resolve lists, we don't need it anymore */
793 curl_slist_free_all (header_list); header_list = NULL; 810 curl_slist_free_all (header_list); header_list = NULL;
794 curl_slist_free_all (server_ips); server_ips = NULL; 811 curl_slist_free_all (server_ips); server_ips = NULL;
812 if (host) {
813 curl_slist_free_all (host); host = NULL;
814 }
795 815
796 /* Curl errors, result in critical Nagios state */ 816 /* Curl errors, result in critical Nagios state */
797 if (res != CURLE_OK) { 817 if (res != CURLE_OK) {