diff options
author | Alex Bradley <a.bradley@alumni.cs.ubc.ca> | 2012-10-02 23:22:54 -0700 |
---|---|---|
committer | Alex Bradley <a.bradley@alumni.cs.ubc.ca> | 2012-10-02 23:22:54 -0700 |
commit | 7918f5868c08909050aa083eeb819d110f2d160d (patch) | |
tree | a6c62fb81ddbd1ebfb2b983b9ffaebf0792c3c33 | |
parent | 05c4c9bfc649ba8f66e470667824200c2cda5314 (diff) | |
download | monitoring-plugins-7918f5868c08909050aa083eeb819d110f2d160d.tar.gz |
Don't prepend "^Inst" or append a space to the "include", "exclude", or
"critical" regular expressions. Instead, check for lines beginning
with "Inst" using strncmp and apply the regular expressions only when
such lines are found.
Fixes Debian bug #522812, along the lines suggested by the bug
submitter, Justin T Pryzby.
-rw-r--r-- | plugins/check_apt.c | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/plugins/check_apt.c b/plugins/check_apt.c index 7efa596b..26499aef 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c | |||
@@ -49,6 +49,8 @@ typedef enum { UPGRADE, DIST_UPGRADE, NO_UPGRADE } upgrade_type; | |||
49 | #ifndef PATH_TO_APTGET | 49 | #ifndef PATH_TO_APTGET |
50 | # define PATH_TO_APTGET "/usr/bin/apt-get" | 50 | # define PATH_TO_APTGET "/usr/bin/apt-get" |
51 | #endif /* PATH_TO_APTGET */ | 51 | #endif /* PATH_TO_APTGET */ |
52 | /* String found at the beginning of the apt output lines we're interested in */ | ||
53 | #define PKGINST_PREFIX "Inst " | ||
52 | /* the RE that catches security updates */ | 54 | /* the RE that catches security updates */ |
53 | #define SECURITY_RE "^[^\\(]*\\([^ ]* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)" | 55 | #define SECURITY_RE "^[^\\(]*\\([^ ]* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)" |
54 | 56 | ||
@@ -211,22 +213,18 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ | |||
211 | struct output chld_out, chld_err; | 213 | struct output chld_out, chld_err; |
212 | regex_t ireg, ereg, sreg; | 214 | regex_t ireg, ereg, sreg; |
213 | char *cmdline=NULL, rerrbuf[64]; | 215 | char *cmdline=NULL, rerrbuf[64]; |
214 | const char *include_ptr=NULL, *crit_ptr=NULL; | ||
215 | 216 | ||
216 | if(upgrade==NO_UPGRADE) return STATE_OK; | 217 | if(upgrade==NO_UPGRADE) return STATE_OK; |
217 | 218 | ||
218 | /* compile the regexps */ | 219 | /* compile the regexps */ |
219 | if(do_include!=NULL) include_ptr=do_include; | 220 | if (do_include != NULL) { |
220 | else include_ptr="^Inst"; | 221 | regres=regcomp(&ireg, do_include, REG_EXTENDED); |
221 | if(do_critical!=NULL) crit_ptr=do_critical; | 222 | if (regres!=0) { |
222 | else crit_ptr=SECURITY_RE; | 223 | regerror(regres, &ireg, rerrbuf, 64); |
223 | 224 | die(STATE_UNKNOWN, _("%s: Error compiling regexp: %s"), progname, rerrbuf); | |
224 | regres=regcomp(&ireg, include_ptr, REG_EXTENDED); | 225 | } |
225 | if(regres!=0) { | ||
226 | regerror(regres, &ireg, rerrbuf, 64); | ||
227 | die(STATE_UNKNOWN, _("%s: Error compiling regexp: %s"), progname, rerrbuf); | ||
228 | } | 226 | } |
229 | 227 | ||
230 | if(do_exclude!=NULL){ | 228 | if(do_exclude!=NULL){ |
231 | regres=regcomp(&ereg, do_exclude, REG_EXTENDED); | 229 | regres=regcomp(&ereg, do_exclude, REG_EXTENDED); |
232 | if(regres!=0) { | 230 | if(regres!=0) { |
@@ -235,6 +233,8 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ | |||
235 | progname, rerrbuf); | 233 | progname, rerrbuf); |
236 | } | 234 | } |
237 | } | 235 | } |
236 | |||
237 | const char *crit_ptr = (do_critical != NULL) ? do_critical : SECURITY_RE; | ||
238 | regres=regcomp(&sreg, crit_ptr, REG_EXTENDED); | 238 | regres=regcomp(&sreg, crit_ptr, REG_EXTENDED); |
239 | if(regres!=0) { | 239 | if(regres!=0) { |
240 | regerror(regres, &ereg, rerrbuf, 64); | 240 | regerror(regres, &ereg, rerrbuf, 64); |
@@ -269,7 +269,8 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ | |||
269 | printf("%s\n", chld_out.line[i]); | 269 | printf("%s\n", chld_out.line[i]); |
270 | } | 270 | } |
271 | /* if it is a package we care about */ | 271 | /* if it is a package we care about */ |
272 | if(regexec(&ireg, chld_out.line[i], 0, NULL, 0)==0){ | 272 | if (strncmp(PKGINST_PREFIX, chld_out.line[i], strlen(PKGINST_PREFIX)) == 0 && |
273 | (do_include == NULL || regexec(&ireg, chld_out.line[i], 0, NULL, 0) == 0)) { | ||
273 | /* if we're not excluding, or it's not in the | 274 | /* if we're not excluding, or it's not in the |
274 | * list of stuff to exclude */ | 275 | * list of stuff to exclude */ |
275 | if(do_exclude==NULL || | 276 | if(do_exclude==NULL || |
@@ -298,7 +299,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ | |||
298 | } | 299 | } |
299 | } | 300 | } |
300 | } | 301 | } |
301 | regfree(&ireg); | 302 | if (do_include != NULL) regfree(&ireg); |
302 | regfree(&sreg); | 303 | regfree(&sreg); |
303 | if(do_exclude!=NULL) regfree(&ereg); | 304 | if(do_exclude!=NULL) regfree(&ereg); |
304 | free(cmdline); | 305 | free(cmdline); |
@@ -348,15 +349,15 @@ char* add_to_regexp(char *expr, const char *next){ | |||
348 | char *re=NULL; | 349 | char *re=NULL; |
349 | 350 | ||
350 | if(expr==NULL){ | 351 | if(expr==NULL){ |
351 | re=malloc(sizeof(char)*(strlen("^Inst () ")+strlen(next)+1)); | 352 | re=malloc(sizeof(char)*(strlen("()")+strlen(next)+1)); |
352 | if(!re) die(STATE_UNKNOWN, "malloc failed!\n"); | 353 | if(!re) die(STATE_UNKNOWN, "malloc failed!\n"); |
353 | sprintf(re, "^Inst (%s) ", next); | 354 | sprintf(re, "(%s)", next); |
354 | } else { | 355 | } else { |
355 | /* resize it, adding an extra char for the new '|' separator */ | 356 | /* resize it, adding an extra char for the new '|' separator */ |
356 | re=realloc(expr, sizeof(char)*strlen(expr)+1+strlen(next)+1); | 357 | re=realloc(expr, sizeof(char)*(strlen(expr)+1+strlen(next)+1)); |
357 | if(!re) die(STATE_UNKNOWN, "realloc failed!\n"); | 358 | if(!re) die(STATE_UNKNOWN, "realloc failed!\n"); |
358 | /* append it starting at ')' in the old re */ | 359 | /* append it starting at ')' in the old re */ |
359 | sprintf((char*)(re+strlen(re)-2), "|%s) ", next); | 360 | sprintf((char*)(re+strlen(re)-1), "|%s)", next); |
360 | } | 361 | } |
361 | 362 | ||
362 | return re; | 363 | return re; |