diff options
author | Spenser Reinhardt <sreinhardt@nagios.com> | 2014-06-22 14:49:25 -0500 |
---|---|---|
committer | Jan Wagner <waja@cyconet.org> | 2014-06-28 18:18:28 +0200 |
commit | a04df3e1b67dc5eab3adc202cc89901f801cdeaa (patch) | |
tree | ff7ed2008fa2da800cf0f1aaabf545d79252b5a1 /plugins | |
parent | b61f51ad0291cf7051b6ea15ec8f8486f02443f9 (diff) | |
download | monitoring-plugins-a04df3e1b67dc5eab3adc202cc89901f801cdeaa.tar.gz |
plugins/check_ntp.c - Verify struct from response
Coverity 66524 - req.data is not neccessarily null terminated but still feed to printf statements. This both does that, and verifies the struct more so than before. - SR
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_ntp.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 0a7640a7..09a923eb 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c | |||
@@ -517,13 +517,14 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){ | |||
517 | double jitter_request(const char *host, int *status){ | 517 | double jitter_request(const char *host, int *status){ |
518 | int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; | 518 | int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; |
519 | int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; | 519 | int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; |
520 | int peers_size=0, peer_offset=0; | 520 | int peers_size=0, peer_offset=0, bytes_read=0; |
521 | ntp_assoc_status_pair *peers=NULL; | 521 | ntp_assoc_status_pair *peers=NULL; |
522 | ntp_control_message req; | 522 | ntp_control_message req; |
523 | const char *getvar = "jitter"; | 523 | const char *getvar = "jitter"; |
524 | double rval = 0.0, jitter = -1.0; | 524 | double rval = 0.0, jitter = -1.0; |
525 | char *startofvalue=NULL, *nptr=NULL; | 525 | char *startofvalue=NULL, *nptr=NULL; |
526 | void *tmp; | 526 | void *tmp; |
527 | int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2; | ||
527 | 528 | ||
528 | /* Long-winded explanation: | 529 | /* Long-winded explanation: |
529 | * Getting the jitter requires a number of steps: | 530 | * Getting the jitter requires a number of steps: |
@@ -608,7 +609,15 @@ double jitter_request(const char *host, int *status){ | |||
608 | 609 | ||
609 | req.count = htons(MAX_CM_SIZE); | 610 | req.count = htons(MAX_CM_SIZE); |
610 | DBG(printf("recieving READVAR response...\n")); | 611 | DBG(printf("recieving READVAR response...\n")); |
611 | read(conn, &req, SIZEOF_NTPCM(req)); | 612 | |
613 | /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/ | ||
614 | if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1) | ||
615 | die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno)); | ||
616 | if (bytes_read != ntp_cm_ints + req.count) | ||
617 | die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); | ||
618 | /* else null terminate */ | ||
619 | strncpy(req.data[req.count], "\0", 1); | ||
620 | |||
612 | DBG(print_ntp_control_message(&req)); | 621 | DBG(print_ntp_control_message(&req)); |
613 | 622 | ||
614 | if(req.op&REM_ERROR && strstr(getvar, "jitter")) { | 623 | if(req.op&REM_ERROR && strstr(getvar, "jitter")) { |