diff options
| author | Thomas Guyot-Sionnest <dermoth@users.sourceforge.net> | 2008-09-02 03:42:16 +0000 |
|---|---|---|
| committer | Thomas Guyot-Sionnest <dermoth@users.sourceforge.net> | 2008-09-02 03:42:16 +0000 |
| commit | a24c8f001fade8b136cb03781951d474b5e4456d (patch) | |
| tree | 78be19ea3784e20ad2c0a64823618fd3946da558 | |
| parent | 122610e3730b8dd4afb41dfa48e65ba75f5586fe (diff) | |
| download | monitoring-plugins-a24c8f001fade8b136cb03781951d474b5e4456d.tar.gz | |
Fix possible segfault in check_ntp_peer with deliberately invalid packets
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2052 f882894a-f735-0410-b71e-b25c423dba1c
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | plugins/check_ntp_peer.c | 3 |
2 files changed, 5 insertions, 1 deletions
| @@ -11,7 +11,8 @@ This file documents the major additions and syntax changes between releases. | |||
| 11 | check_icmp now supports packet size modification | 11 | check_icmp now supports packet size modification |
| 12 | check_http -e now accepts a comma-delimited list of expected status codes | 12 | check_http -e now accepts a comma-delimited list of expected status codes |
| 13 | libtap now included with this distribution for easier testing. Run ./configure with --enable-libtap | 13 | libtap now included with this distribution for easier testing. Run ./configure with --enable-libtap |
| 14 | check_ntp_peer/check_ntp_time used to show port in --help but ignored the argument - now implemented. | 14 | check_ntp_peer/check_ntp_time used to show port in --help but ignored the argument - now implemented |
| 15 | Fix possible segfault in check_ntp_peer with deliberately invalid packets | ||
| 15 | 16 | ||
| 16 | 1.4.12 27th May 2008 | 17 | 1.4.12 27th May 2008 |
| 17 | Added ./check_nt -v INSTANCES to count number of instances (Alessandro Ren) | 18 | Added ./check_nt -v INSTANCES to count number of instances (Alessandro Ren) |
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c index 72cec639..6a4401ca 100644 --- a/plugins/check_ntp_peer.c +++ b/plugins/check_ntp_peer.c | |||
| @@ -299,6 +299,9 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji | |||
| 299 | if(read(conn, &req, SIZEOF_NTPCM(req)) == -1) | 299 | if(read(conn, &req, SIZEOF_NTPCM(req)) == -1) |
| 300 | die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n"); | 300 | die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n"); |
| 301 | DBG(print_ntp_control_message(&req)); | 301 | DBG(print_ntp_control_message(&req)); |
| 302 | /* discard obviously invalid packets */ | ||
| 303 | if (ntohs(req.count) > MAX_CM_SIZE) | ||
| 304 | die(STATE_CRITICAL, "NTP CRITICAL: Invalid paclet received from NTP server\n"); | ||
| 302 | if (LI(req.flags) == LI_ALARM) li_alarm = 1; | 305 | if (LI(req.flags) == LI_ALARM) li_alarm = 1; |
| 303 | /* Each peer identifier is 4 bytes in the data section, which | 306 | /* Each peer identifier is 4 bytes in the data section, which |
| 304 | * we represent as a ntp_assoc_status_pair datatype. | 307 | * we represent as a ntp_assoc_status_pair datatype. |