Merge branch 'master' into RincewindsHat-patch-1

author: Lorenz Kästle <lorenz.kaestle@netways.de> 2023-04-28 09:00:05 (GMT)
committer: Lorenz Kästle <lorenz.kaestle@netways.de> 2023-04-28 09:00:05 (GMT)
commit: 34c4d13edd8ece1e928c578974218c10d25600c4 (patch)
tree: 96eaf64dc46c8b785d437250d42471180597a699 /plugins/check_curl.c
parent: e4ddeb7bb722b50613108da1cb51a48e84068701 (diff)
parent: 7cb82e6486e662fa4d2530523787d3eced266545 (diff)
download: monitoring-plugins-34c4d13edd8ece1e928c578974218c10d25600c4.tar.gz
1 files changed, 40 insertions, 19 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index c37d45d..be5740d 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -55,6 +55,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "uriparser/Uri.h"
 #include <arpa/inet.h>
+#include <netinet/in.h>
 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
 #include <openssl/opensslv.h>
@@ -384,8 +385,11 @@ int
 lookup_host (const char *host, char *buf, size_t buflen)
 {
  struct addrinfo hints, *res, *result;
+  char addrstr[100];
+  size_t addrstr_len;
  int errcode;
  void *ptr;
+  size_t buflen_remaining = buflen - 1;
  memset (&hints, 0, sizeof (hints));
  hints.ai_family = address_family;
@@ -395,26 +399,40 @@ lookup_host (const char *host, char *buf, size_t buflen)
  errcode = getaddrinfo (host, NULL, &hints, &result);
  if (errcode != 0)
    return errcode;
-  
+  strcpy(buf, "");
  res = result;
  while (res) {
-  inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+    switch (res->ai_family) {
-  switch (res->ai_family) {
+      case AF_INET:
-    case AF_INET:
+        ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
-      ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+        break;
-      break;
+      case AF_INET6:
-    case AF_INET6:
+        ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
-      ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+        break;
-    break;
    }
-    inet_ntop (res->ai_family, ptr, buf, buflen);
-    if (verbose >= 1)
+    inet_ntop (res->ai_family, ptr, addrstr, 100);
+    if (verbose >= 1) {
      printf ("* getaddrinfo IPv%d address: %s\n",
-        res->ai_family == PF_INET6 ? 6 : 4, buf);
+        res->ai_family == PF_INET6 ? 6 : 4, addrstr);
+    }
+    // Append all IPs to buf as a comma-separated string
+    addrstr_len = strlen(addrstr);
+    if (buflen_remaining > addrstr_len + 1) {
+      if (buf[0] != '\0') {
+        strncat(buf, ",", buflen_remaining);
+        buflen_remaining -= 1;
+      }
+      strncat(buf, addrstr, buflen_remaining);
+      buflen_remaining -= addrstr_len;
+    }
    res = res->ai_next;
  }
-  
  freeaddrinfo(result);
  return 0;
@@ -445,7 +463,7 @@ check_http (void)
  int i;
  char *force_host_header = NULL;
  struct curl_slist *host = NULL;
-  char addrstr[100];
+  char addrstr[DEFAULT_BUFFER_SIZE/2];
  char dnscache[DEFAULT_BUFFER_SIZE];
  /* initialize curl */
@@ -497,7 +515,7 @@ check_http (void)
  // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
  if(use_ssl && host_name != NULL) {
-      if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
+      if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
        snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
          server_address, res, gai_strerror (res));
        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
@@ -524,7 +542,7 @@ check_http (void)
  /* compose URL: use the address we want to connect to, set Host: header later */
  snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
      use_ssl ? "https" : "http",
-      use_ssl & host_name != NULL ? host_name : server_address,
+      ( use_ssl & ( host_name != NULL ) ) ? host_name : server_address,
      server_port,
      server_url
  );
@@ -600,7 +618,7 @@ check_http (void)
 #ifdef LIBCURL_FEATURE_SSL
-  /* set SSL version, warn about unsecure or unsupported versions */
+  /* set SSL version, warn about insecure or unsupported versions */
  if (use_ssl) {
    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
  }
@@ -792,6 +810,9 @@ check_http (void)
  /* free header and server IP resolve lists, we don't need it anymore */
  curl_slist_free_all (header_list); header_list = NULL;
  curl_slist_free_all (server_ips); server_ips = NULL;
+  if (host) {
+    curl_slist_free_all (host); host = NULL;
+  }
  /* Curl errors, result in critical Nagios state */
  if (res != CURLE_OK) {
@@ -965,7 +986,7 @@ GOT_FIRST_CERT:
        }
      } else {
        /* this is a specific code in the command line to
-         * be returned when a redirection is encoutered
+         * be returned when a redirection is encountered
         */
      }
      result = max_state_alt (onredirect, result);
@@ -2030,7 +2051,7 @@ print_usage (void)
  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
  printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
-  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport|curl>]\n");
  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
author	Lorenz Kästle <lorenz.kaestle@netways.de>	2023-04-28 09:00:05 (GMT)
committer	Lorenz Kästle <lorenz.kaestle@netways.de>	2023-04-28 09:00:05 (GMT)
commit	34c4d13edd8ece1e928c578974218c10d25600c4 (patch)
tree	96eaf64dc46c8b785d437250d42471180597a699 /plugins/check_curl.c
parent	e4ddeb7bb722b50613108da1cb51a48e84068701 (diff)
parent	7cb82e6486e662fa4d2530523787d3eced266545 (diff)
download	monitoring-plugins-34c4d13edd8ece1e928c578974218c10d25600c4.tar.gz

diff --git a/plugins/check_curl.c b/plugins/check_curl.c index c37d45d..be5740d 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c
@@ -55,6 +55,7 @@ const char *email = "devel@monitoring-plugins.org";
55	#include "uriparser/Uri.h"	55	#include "uriparser/Uri.h"
56		56
57	#include <arpa/inet.h>	57	#include <arpa/inet.h>
		58	#include <netinet/in.h>
58		59
59	#if defined(HAVE_SSL) && defined(USE_OPENSSL)	60	#if defined(HAVE_SSL) && defined(USE_OPENSSL)
60	#include <openssl/opensslv.h>	61	#include <openssl/opensslv.h>
@@ -384,8 +385,11 @@ int
384	lookup_host (const char host, char buf, size_t buflen)	385	lookup_host (const char host, char buf, size_t buflen)
385	{	386	{
386	struct addrinfo hints, res, result;	387	struct addrinfo hints, res, result;
		388	char addrstr[100];
		389	size_t addrstr_len;
387	int errcode;	390	int errcode;
388	void *ptr;	391	void *ptr;
		392	size_t buflen_remaining = buflen - 1;
389		393
390	memset (&hints, 0, sizeof (hints));	394	memset (&hints, 0, sizeof (hints));
391	hints.ai_family = address_family;	395	hints.ai_family = address_family;
@@ -395,26 +399,40 @@ lookup_host (const char host, char buf, size_t buflen)
395	errcode = getaddrinfo (host, NULL, &hints, &result);	399	errcode = getaddrinfo (host, NULL, &hints, &result);
396	if (errcode != 0)	400	if (errcode != 0)
397	return errcode;	401	return errcode;
398		402
		403	strcpy(buf, "");
399	res = result;	404	res = result;
400		405
401	while (res) {	406	while (res) {
402	inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);	407	switch (res->ai_family) {
403	switch (res->ai_family) {	408	case AF_INET:
404	case AF_INET:	409	ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
405	ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;	410	break;
406	break;	411	case AF_INET6:
407	case AF_INET6:	412	ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
408	ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;	413	break;
409	break;
410	}	414	}
411	inet_ntop (res->ai_family, ptr, buf, buflen);	415
412	if (verbose >= 1)	416	inet_ntop (res->ai_family, ptr, addrstr, 100);
		417	if (verbose >= 1) {
413	printf ("* getaddrinfo IPv%d address: %s\n",	418	printf ("* getaddrinfo IPv%d address: %s\n",
414	res->ai_family == PF_INET6 ? 6 : 4, buf);	419	res->ai_family == PF_INET6 ? 6 : 4, addrstr);
		420	}
		421
		422	// Append all IPs to buf as a comma-separated string
		423	addrstr_len = strlen(addrstr);
		424	if (buflen_remaining > addrstr_len + 1) {
		425	if (buf[0] != '\0') {
		426	strncat(buf, ",", buflen_remaining);
		427	buflen_remaining -= 1;
		428	}
		429	strncat(buf, addrstr, buflen_remaining);
		430	buflen_remaining -= addrstr_len;
		431	}
		432
415	res = res->ai_next;	433	res = res->ai_next;
416	}	434	}
417		435
418	freeaddrinfo(result);	436	freeaddrinfo(result);
419		437
420	return 0;	438	return 0;
@@ -445,7 +463,7 @@ check_http (void)
445	int i;	463	int i;
446	char *force_host_header = NULL;	464	char *force_host_header = NULL;
447	struct curl_slist *host = NULL;	465	struct curl_slist *host = NULL;
448	char addrstr[100];	466	char addrstr[DEFAULT_BUFFER_SIZE/2];
449	char dnscache[DEFAULT_BUFFER_SIZE];	467	char dnscache[DEFAULT_BUFFER_SIZE];
450		468
451	/* initialize curl */	469	/* initialize curl */
@@ -497,7 +515,7 @@ check_http (void)
497		515
498	// fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy	516	// fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
499	if(use_ssl && host_name != NULL) {	517	if(use_ssl && host_name != NULL) {
500	if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {	518	if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
501	snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),	519	snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
502	server_address, res, gai_strerror (res));	520	server_address, res, gai_strerror (res));
503	die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);	521	die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
@@ -524,7 +542,7 @@ check_http (void)
524	/* compose URL: use the address we want to connect to, set Host: header later */	542	/* compose URL: use the address we want to connect to, set Host: header later */
525	snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",	543	snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
526	use_ssl ? "https" : "http",	544	use_ssl ? "https" : "http",
527	use_ssl & host_name != NULL ? host_name : server_address,	545	( use_ssl & ( host_name != NULL ) ) ? host_name : server_address,
528	server_port,	546	server_port,
529	server_url	547	server_url
530	);	548	);
@@ -600,7 +618,7 @@ check_http (void)
600		618
601	#ifdef LIBCURL_FEATURE_SSL	619	#ifdef LIBCURL_FEATURE_SSL
602		620
603	/* set SSL version, warn about unsecure or unsupported versions */	621	/* set SSL version, warn about insecure or unsupported versions */
604	if (use_ssl) {	622	if (use_ssl) {
605	handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");	623	handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
606	}	624	}
@@ -792,6 +810,9 @@ check_http (void)
792	/* free header and server IP resolve lists, we don't need it anymore */	810	/* free header and server IP resolve lists, we don't need it anymore */
793	curl_slist_free_all (header_list); header_list = NULL;	811	curl_slist_free_all (header_list); header_list = NULL;
794	curl_slist_free_all (server_ips); server_ips = NULL;	812	curl_slist_free_all (server_ips); server_ips = NULL;
		813	if (host) {
		814	curl_slist_free_all (host); host = NULL;
		815	}
795		816
796	/* Curl errors, result in critical Nagios state */	817	/* Curl errors, result in critical Nagios state */
797	if (res != CURLE_OK) {	818	if (res != CURLE_OK) {
@@ -965,7 +986,7 @@ GOT_FIRST_CERT:
965	}	986	}
966	} else {	987	} else {
967	/* this is a specific code in the command line to	988	/* this is a specific code in the command line to
968	* be returned when a redirection is encoutered	989	* be returned when a redirection is encountered
969	*/	990	*/
970	}	991	}
971	result = max_state_alt (onredirect, result);	992	result = max_state_alt (onredirect, result);
@@ -2030,7 +2051,7 @@ print_usage (void)
2030	printf (" %s -H <vhost> \| -I <IP-address> [-u <uri>] [-p <port>]\n",progname);	2051	printf (" %s -H <vhost> \| -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
2031	printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");	2052	printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
2032	printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");	2053	printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
2033	printf (" [-b proxy_auth] [-f <ok\|warning\|critcal\|follow\|sticky\|stickyport\|curl>]\n");	2054	printf (" [-b proxy_auth] [-f <ok\|warning\|critical\|follow\|sticky\|stickyport\|curl>]\n");
2034	printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> \| -R <case-insensitive regex>]\n");	2055	printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> \| -R <case-insensitive regex>]\n");
2035	printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4\|-6] [-N] [-M <age>]\n");	2056	printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4\|-6] [-N] [-M <age>]\n");
2036	printf (" [-A string] [-k string] [-S <version>] [--sni]\n");	2057	printf (" [-A string] [-k string] [-S <version>] [--sni]\n");