summaryrefslogtreecommitdiffstats
path: root/plugins/check_ntp.c
diff options
context:
space:
mode:
authorSpenser Reinhardt <sreinhardt@nagios.com>2014-06-22 14:49:25 -0500
committerJan Wagner <waja@cyconet.org>2014-06-28 18:18:28 +0200
commita04df3e1b67dc5eab3adc202cc89901f801cdeaa (patch)
treeff7ed2008fa2da800cf0f1aaabf545d79252b5a1 /plugins/check_ntp.c
parentb61f51ad0291cf7051b6ea15ec8f8486f02443f9 (diff)
downloadmonitoring-plugins-a04df3e1b67dc5eab3adc202cc89901f801cdeaa.tar.gz
plugins/check_ntp.c - Verify struct from response
Coverity 66524 - req.data is not neccessarily null terminated but still feed to printf statements. This both does that, and verifies the struct more so than before. - SR
Diffstat (limited to 'plugins/check_ntp.c')
-rw-r--r--plugins/check_ntp.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 0a7640a7..09a923eb 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -517,13 +517,14 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
517double jitter_request(const char *host, int *status){ 517double jitter_request(const char *host, int *status){
518 int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; 518 int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
519 int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; 519 int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
520 int peers_size=0, peer_offset=0; 520 int peers_size=0, peer_offset=0, bytes_read=0;
521 ntp_assoc_status_pair *peers=NULL; 521 ntp_assoc_status_pair *peers=NULL;
522 ntp_control_message req; 522 ntp_control_message req;
523 const char *getvar = "jitter"; 523 const char *getvar = "jitter";
524 double rval = 0.0, jitter = -1.0; 524 double rval = 0.0, jitter = -1.0;
525 char *startofvalue=NULL, *nptr=NULL; 525 char *startofvalue=NULL, *nptr=NULL;
526 void *tmp; 526 void *tmp;
527 int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2;
527 528
528 /* Long-winded explanation: 529 /* Long-winded explanation:
529 * Getting the jitter requires a number of steps: 530 * Getting the jitter requires a number of steps:
@@ -608,7 +609,15 @@ double jitter_request(const char *host, int *status){
608 609
609 req.count = htons(MAX_CM_SIZE); 610 req.count = htons(MAX_CM_SIZE);
610 DBG(printf("recieving READVAR response...\n")); 611 DBG(printf("recieving READVAR response...\n"));
611 read(conn, &req, SIZEOF_NTPCM(req)); 612
613 /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/
614 if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1)
615 die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno));
616 if (bytes_read != ntp_cm_ints + req.count)
617 die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count);
618 /* else null terminate */
619 strncpy(req.data[req.count], "\0", 1);
620
612 DBG(print_ntp_control_message(&req)); 621 DBG(print_ntp_control_message(&req));
613 622
614 if(req.op&REM_ERROR && strstr(getvar, "jitter")) { 623 if(req.op&REM_ERROR && strstr(getvar, "jitter")) {