summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorSpenser Reinhardt <sreinhardt@nagios.com>2014-06-22 15:34:25 -0500
committerJan Wagner <waja@cyconet.org>2014-06-28 18:21:26 +0200
commit5866cb0a09876d6b2a84006bda8aa9de7ea467fd (patch)
tree5e188731874aa5ff73e8eb88e27c56028e3afa46 /plugins
parenta04df3e1b67dc5eab3adc202cc89901f801cdeaa (diff)
downloadmonitoring-plugins-5866cb0a09876d6b2a84006bda8aa9de7ea467fd.tar.gz
plugins/check_http.c - leakage fix
Coverity 66514 - Possible leakage and overflow with addr in redirect functionality. Not confirmed as null terminated, and externally gathered. Restrict string comparisons and duplications by size. - SR
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_http.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 92861d97..51679975 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1243,6 +1243,7 @@ redir (char *pos, char *status_line)
1243 if (addr == NULL) 1243 if (addr == NULL)
1244 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n")); 1244 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n"));
1245 1245
1246 memset(addr, 0, MAX_IPV4_HOSTLENGTH);
1246 url = malloc (strcspn (pos, "\r\n")); 1247 url = malloc (strcspn (pos, "\r\n"));
1247 if (url == NULL) 1248 if (url == NULL)
1248 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n")); 1249 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
@@ -1333,8 +1334,8 @@ redir (char *pos, char *status_line)
1333 max_depth, type, addr, i, url, (display_html ? "</A>" : "")); 1334 max_depth, type, addr, i, url, (display_html ? "</A>" : ""));
1334 1335
1335 if (server_port==i && 1336 if (server_port==i &&
1336 !strcmp(server_address, addr) && 1337 !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
1337 (host_name && !strcmp(host_name, addr)) && 1338 (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
1338 !strcmp(server_url, url)) 1339 !strcmp(server_url, url))
1339 die (STATE_WARNING, 1340 die (STATE_WARNING,
1340 _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), 1341 _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
@@ -1343,11 +1344,11 @@ redir (char *pos, char *status_line)
1343 strcpy (server_type, type); 1344 strcpy (server_type, type);
1344 1345
1345 free (host_name); 1346 free (host_name);
1346 host_name = strdup (addr); 1347 host_name = strndup (addr, MAX_IPV4_HOSTLENGTH);
1347 1348
1348 if (!(followsticky & STICKY_HOST)) { 1349 if (!(followsticky & STICKY_HOST)) {
1349 free (server_address); 1350 free (server_address);
1350 server_address = strdup (addr); 1351 server_address = strndup (addr, MAX_IPV4_HOSTLENGTH);
1351 } 1352 }
1352 if (!(followsticky & STICKY_PORT)) { 1353 if (!(followsticky & STICKY_PORT)) {
1353 server_port = i; 1354 server_port = i;
@@ -1366,6 +1367,7 @@ redir (char *pos, char *status_line)
1366 printf (_("Redirection to %s://%s:%d%s\n"), server_type, 1367 printf (_("Redirection to %s://%s:%d%s\n"), server_type,
1367 host_name ? host_name : server_address, server_port, server_url); 1368 host_name ? host_name : server_address, server_port, server_url);
1368 1369
1370 free(addr);
1369 check_http (); 1371 check_http ();
1370} 1372}
1371 1373