summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/utils_cmd.c3
-rw-r--r--plugins-root/check_dhcp.c2
-rw-r--r--plugins/check_apt.c3
-rw-r--r--plugins/check_dns.c18
-rw-r--r--plugins/check_http.c10
-rw-r--r--plugins/check_nt.c4
-rw-r--r--plugins/check_ntp.c13
-rw-r--r--plugins/check_real.c1
-rw-r--r--plugins/check_ssh.c24
-rw-r--r--plugins/check_tcp.c3
-rw-r--r--plugins/negate.c11
-rw-r--r--plugins/t/check_dns.t3
12 files changed, 72 insertions, 23 deletions
diff --git a/lib/utils_cmd.c b/lib/utils_cmd.c
index 4c6d0be1..9e214bd4 100644
--- a/lib/utils_cmd.c
+++ b/lib/utils_cmd.c
@@ -390,6 +390,9 @@ cmd_file_read ( char *filename, output *out, int flags)
390 390
391 if(out) 391 if(out)
392 out->lines = _cmd_fetch_output (fd, out, flags); 392 out->lines = _cmd_fetch_output (fd, out, flags);
393
394 if (close(fd) == -1)
395 die( STATE_UNKNOWN, _("Error closing %s: %s"), filename, strerror(errno) );
393 396
394 return 0; 397 return 0;
395} 398}
diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c
index 1ec5c396..b69a10da 100644
--- a/plugins-root/check_dhcp.c
+++ b/plugins-root/check_dhcp.c
@@ -837,7 +837,7 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){
837 return ERROR; 837 return ERROR;
838 838
839 /* process all DHCP options present in the packet */ 839 /* process all DHCP options present in the packet */
840 for(x=4;x<MAX_DHCP_OPTIONS_LENGTH;){ 840 for(x=4;x<MAX_DHCP_OPTIONS_LENGTH-1;){
841 841
842 if((int)offer_packet->options[x]==-1) 842 if((int)offer_packet->options[x]==-1)
843 break; 843 break;
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index 4c76a512..07622c2f 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -223,6 +223,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
223 regex_t ireg, ereg, sreg; 223 regex_t ireg, ereg, sreg;
224 char *cmdline=NULL, rerrbuf[64]; 224 char *cmdline=NULL, rerrbuf[64];
225 225
226 /* initialize ereg as it is possible it is printed while uninitialized */
227 memset(&ereg, "\0", sizeof(ereg.buffer));
228
226 if(upgrade==NO_UPGRADE) return STATE_OK; 229 if(upgrade==NO_UPGRADE) return STATE_OK;
227 230
228 /* compile the regexps */ 231 /* compile the regexps */
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index eebe72cc..31a953d7 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -242,7 +242,23 @@ main (int argc, char **argv)
242 } 242 }
243 printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); 243 printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time);
244 printf (_(". %s returns %s"), query_address, address); 244 printf (_(". %s returns %s"), query_address, address);
245 printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); 245 if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) {
246 printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
247 TRUE, time_thresholds->warning->end,
248 TRUE, time_thresholds->critical->end,
249 TRUE, 0, FALSE, 0));
250 } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) {
251 printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
252 FALSE, 0,
253 TRUE, time_thresholds->critical->end,
254 TRUE, 0, FALSE, 0));
255 } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) {
256 printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
257 TRUE, time_thresholds->warning->end,
258 FALSE, 0,
259 TRUE, 0, FALSE, 0));
260 } else
261 printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0));
246 } 262 }
247 else if (result == STATE_WARNING) 263 else if (result == STATE_WARNING)
248 printf (_("DNS WARNING - %s\n"), 264 printf (_("DNS WARNING - %s\n"),
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 92861d97..51679975 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1243,6 +1243,7 @@ redir (char *pos, char *status_line)
1243 if (addr == NULL) 1243 if (addr == NULL)
1244 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n")); 1244 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n"));
1245 1245
1246 memset(addr, 0, MAX_IPV4_HOSTLENGTH);
1246 url = malloc (strcspn (pos, "\r\n")); 1247 url = malloc (strcspn (pos, "\r\n"));
1247 if (url == NULL) 1248 if (url == NULL)
1248 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n")); 1249 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
@@ -1333,8 +1334,8 @@ redir (char *pos, char *status_line)
1333 max_depth, type, addr, i, url, (display_html ? "</A>" : "")); 1334 max_depth, type, addr, i, url, (display_html ? "</A>" : ""));
1334 1335
1335 if (server_port==i && 1336 if (server_port==i &&
1336 !strcmp(server_address, addr) && 1337 !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
1337 (host_name && !strcmp(host_name, addr)) && 1338 (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
1338 !strcmp(server_url, url)) 1339 !strcmp(server_url, url))
1339 die (STATE_WARNING, 1340 die (STATE_WARNING,
1340 _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), 1341 _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
@@ -1343,11 +1344,11 @@ redir (char *pos, char *status_line)
1343 strcpy (server_type, type); 1344 strcpy (server_type, type);
1344 1345
1345 free (host_name); 1346 free (host_name);
1346 host_name = strdup (addr); 1347 host_name = strndup (addr, MAX_IPV4_HOSTLENGTH);
1347 1348
1348 if (!(followsticky & STICKY_HOST)) { 1349 if (!(followsticky & STICKY_HOST)) {
1349 free (server_address); 1350 free (server_address);
1350 server_address = strdup (addr); 1351 server_address = strndup (addr, MAX_IPV4_HOSTLENGTH);
1351 } 1352 }
1352 if (!(followsticky & STICKY_PORT)) { 1353 if (!(followsticky & STICKY_PORT)) {
1353 server_port = i; 1354 server_port = i;
@@ -1366,6 +1367,7 @@ redir (char *pos, char *status_line)
1366 printf (_("Redirection to %s://%s:%d%s\n"), server_type, 1367 printf (_("Redirection to %s://%s:%d%s\n"), server_type,
1367 host_name ? host_name : server_address, server_port, server_url); 1368 host_name ? host_name : server_address, server_port, server_url);
1368 1369
1370 free(addr);
1369 check_http (); 1371 check_http ();
1370} 1372}
1371 1373
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index cacf6651..fefbfb7a 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -293,10 +293,10 @@ int main(int argc, char **argv){
293 293
294 /* Divisor should be 1048567, not 3044515, as we are measuring "Commit Charge" here, 294 /* Divisor should be 1048567, not 3044515, as we are measuring "Commit Charge" here,
295 which equals RAM + Pagefiles. */ 295 which equals RAM + Pagefiles. */
296 xasprintf(&output_message,_("Memory usage: total:%.2f Mb - used: %.2f Mb (%.0f%%) - free: %.2f Mb (%.0f%%)"), 296 xasprintf(&output_message,_("Memory usage: total:%.2f MB - used: %.2f MB (%.0f%%) - free: %.2f MB (%.0f%%)"),
297 mem_commitLimit / 1048567, mem_commitByte / 1048567, percent_used_space, 297 mem_commitLimit / 1048567, mem_commitByte / 1048567, percent_used_space,
298 (mem_commitLimit - mem_commitByte) / 1048567, (mem_commitLimit - mem_commitByte) / mem_commitLimit * 100); 298 (mem_commitLimit - mem_commitByte) / 1048567, (mem_commitLimit - mem_commitByte) / mem_commitLimit * 100);
299 xasprintf(&perfdata,_("'Memory usage'=%.2fMb;%.2f;%.2f;0.00;%.2f"), mem_commitByte / 1048567, 299 xasprintf(&perfdata,_("'Memory usage'=%.2fMB;%.2f;%.2f;0.00;%.2f"), mem_commitByte / 1048567,
300 warning_used_space / 1048567, critical_used_space / 1048567, mem_commitLimit / 1048567); 300 warning_used_space / 1048567, critical_used_space / 1048567, mem_commitLimit / 1048567);
301 301
302 return_code=STATE_OK; 302 return_code=STATE_OK;
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 0a7640a7..09a923eb 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -517,13 +517,14 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
517double jitter_request(const char *host, int *status){ 517double jitter_request(const char *host, int *status){
518 int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; 518 int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
519 int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; 519 int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
520 int peers_size=0, peer_offset=0; 520 int peers_size=0, peer_offset=0, bytes_read=0;
521 ntp_assoc_status_pair *peers=NULL; 521 ntp_assoc_status_pair *peers=NULL;
522 ntp_control_message req; 522 ntp_control_message req;
523 const char *getvar = "jitter"; 523 const char *getvar = "jitter";
524 double rval = 0.0, jitter = -1.0; 524 double rval = 0.0, jitter = -1.0;
525 char *startofvalue=NULL, *nptr=NULL; 525 char *startofvalue=NULL, *nptr=NULL;
526 void *tmp; 526 void *tmp;
527 int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2;
527 528
528 /* Long-winded explanation: 529 /* Long-winded explanation:
529 * Getting the jitter requires a number of steps: 530 * Getting the jitter requires a number of steps:
@@ -608,7 +609,15 @@ double jitter_request(const char *host, int *status){
608 609
609 req.count = htons(MAX_CM_SIZE); 610 req.count = htons(MAX_CM_SIZE);
610 DBG(printf("recieving READVAR response...\n")); 611 DBG(printf("recieving READVAR response...\n"));
611 read(conn, &req, SIZEOF_NTPCM(req)); 612
613 /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/
614 if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1)
615 die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno));
616 if (bytes_read != ntp_cm_ints + req.count)
617 die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count);
618 /* else null terminate */
619 strncpy(req.data[req.count], "\0", 1);
620
612 DBG(print_ntp_control_message(&req)); 621 DBG(print_ntp_control_message(&req));
613 622
614 if(req.op&REM_ERROR && strstr(getvar, "jitter")) { 623 if(req.op&REM_ERROR && strstr(getvar, "jitter")) {
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 47776c5b..36f64134 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -178,6 +178,7 @@ main (int argc, char **argv)
178 178
179 /* watch for the REAL connection string */ 179 /* watch for the REAL connection string */
180 result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0); 180 result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
181 buffer[result] = "\0"; /* null terminate recieved buffer */
181 182
182 /* return a CRITICAL status if we couldn't read any data */ 183 /* return a CRITICAL status if we couldn't read any data */
183 if (result == -1) { 184 if (result == -1) {
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index f4522e2b..b6187d61 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -46,6 +46,7 @@ const char *email = "devel@monitoring-plugins.org";
46int port = -1; 46int port = -1;
47char *server_name = NULL; 47char *server_name = NULL;
48char *remote_version = NULL; 48char *remote_version = NULL;
49char *remote_protocol = NULL;
49int verbose = FALSE; 50int verbose = FALSE;
50 51
51int process_arguments (int, char **); 52int process_arguments (int, char **);
@@ -53,7 +54,7 @@ int validate_arguments (void);
53void print_help (void); 54void print_help (void);
54void print_usage (void); 55void print_usage (void);
55 56
56int ssh_connect (char *haddr, int hport, char *remote_version); 57int ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol);
57 58
58 59
59 60
@@ -78,7 +79,7 @@ main (int argc, char **argv)
78 alarm (socket_timeout); 79 alarm (socket_timeout);
79 80
80 /* ssh_connect exits if error is found */ 81 /* ssh_connect exits if error is found */
81 result = ssh_connect (server_name, port, remote_version); 82 result = ssh_connect (server_name, port, remote_version, remote_protocol);
82 83
83 alarm (0); 84 alarm (0);
84 85
@@ -105,6 +106,7 @@ process_arguments (int argc, char **argv)
105 {"timeout", required_argument, 0, 't'}, 106 {"timeout", required_argument, 0, 't'},
106 {"verbose", no_argument, 0, 'v'}, 107 {"verbose", no_argument, 0, 'v'},
107 {"remote-version", required_argument, 0, 'r'}, 108 {"remote-version", required_argument, 0, 'r'},
109 {"remote-protcol", required_argument, 0, 'P'},
108 {0, 0, 0, 0} 110 {0, 0, 0, 0}
109 }; 111 };
110 112
@@ -116,7 +118,7 @@ process_arguments (int argc, char **argv)
116 strcpy (argv[c], "-t"); 118 strcpy (argv[c], "-t");
117 119
118 while (1) { 120 while (1) {
119 c = getopt_long (argc, argv, "+Vhv46t:r:H:p:", longopts, &option); 121 c = getopt_long (argc, argv, "+Vhv46t:r:H:p:P:", longopts, &option);
120 122
121 if (c == -1 || c == EOF) 123 if (c == -1 || c == EOF)
122 break; 124 break;
@@ -152,6 +154,9 @@ process_arguments (int argc, char **argv)
152 case 'r': /* remote version */ 154 case 'r': /* remote version */
153 remote_version = optarg; 155 remote_version = optarg;
154 break; 156 break;
157 case 'P': /* remote version */
158 remote_protocol = optarg;
159 break;
155 case 'H': /* host */ 160 case 'H': /* host */
156 if (is_host (optarg) == FALSE) 161 if (is_host (optarg) == FALSE)
157 usage2 (_("Invalid hostname/address"), optarg); 162 usage2 (_("Invalid hostname/address"), optarg);
@@ -206,7 +211,7 @@ validate_arguments (void)
206 211
207 212
208int 213int
209ssh_connect (char *haddr, int hport, char *remote_version) 214ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol)
210{ 215{
211 int sd; 216 int sd;
212 int result; 217 int result;
@@ -254,6 +259,14 @@ ssh_connect (char *haddr, int hport, char *remote_version)
254 exit (STATE_WARNING); 259 exit (STATE_WARNING);
255 } 260 }
256 261
262 if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
263 printf
264 (_("SSH WARNING - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
265 ssh_server, ssh_proto, remote_protocol);
266 close(sd);
267 exit (STATE_WARNING);
268 }
269
257 elapsed_time = (double)deltime(tv) / 1.0e6; 270 elapsed_time = (double)deltime(tv) / 1.0e6;
258 271
259 printf 272 printf
@@ -296,6 +309,9 @@ print_help (void)
296 printf (" %s\n", "-r, --remote-version=STRING"); 309 printf (" %s\n", "-r, --remote-version=STRING");
297 printf (" %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)")); 310 printf (" %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)"));
298 311
312 printf (" %s\n", "-P, --remote-protocol=STRING");
313 printf (" %s\n", _("Warn if protocol doesn't match expected protocol version (ex: 2.0)"));
314
299 printf (UT_VERBOSE); 315 printf (UT_VERBOSE);
300 316
301 printf (UT_SUPPORT); 317 printf (UT_SUPPORT);
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index b0459f2b..bd7736b5 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -32,13 +32,12 @@ char *progname;
32const char *copyright = "1999-2008"; 32const char *copyright = "1999-2008";
33const char *email = "devel@monitoring-plugins.org"; 33const char *email = "devel@monitoring-plugins.org";
34 34
35#include <ctype.h>
36
37#include "common.h" 35#include "common.h"
38#include "netutils.h" 36#include "netutils.h"
39#include "utils.h" 37#include "utils.h"
40#include "utils_tcp.h" 38#include "utils_tcp.h"
41 39
40#include <ctype.h>
42#include <sys/select.h> 41#include <sys/select.h>
43 42
44#ifdef HAVE_SSL 43#ifdef HAVE_SSL
diff --git a/plugins/negate.c b/plugins/negate.c
index 4bd09deb..beaed1ea 100644
--- a/plugins/negate.c
+++ b/plugins/negate.c
@@ -35,16 +35,16 @@ const char *email = "devel@monitoring-plugins.org";
35 35
36#define DEFAULT_TIMEOUT 11 36#define DEFAULT_TIMEOUT 11
37 37
38#include <ctype.h>
39
40#include "common.h" 38#include "common.h"
41#include "utils.h" 39#include "utils.h"
42#include "utils_cmd.h" 40#include "utils_cmd.h"
43 41
42#include <ctype.h>
43
44/* char *command_line; */ 44/* char *command_line; */
45 45
46static const char **process_arguments (int, char **); 46static const char **process_arguments (int, char **);
47int validate_arguments (char **); 47void validate_arguments (char **);
48void print_help (void); 48void print_help (void);
49void print_usage (void); 49void print_usage (void);
50int subst_text = FALSE; 50int subst_text = FALSE;
@@ -98,8 +98,7 @@ main (int argc, char **argv)
98 die (max_state_alt (result, STATE_UNKNOWN), _("No data returned from command\n")); 98 die (max_state_alt (result, STATE_UNKNOWN), _("No data returned from command\n"));
99 99
100 for (i = 0; i < chld_out.lines; i++) { 100 for (i = 0; i < chld_out.lines; i++) {
101 if (subst_text && result != state[result] && 101 if (subst_text && result >= 0 && result <= 4 && result != state[result]) {
102 result >= 0 && result <= 4) {
103 /* Loop over each match found */ 102 /* Loop over each match found */
104 while ((sub = strstr (chld_out.line[i], state_text (result)))) { 103 while ((sub = strstr (chld_out.line[i], state_text (result)))) {
105 /* Terminate the first part and skip over the string we'll substitute */ 104 /* Terminate the first part and skip over the string we'll substitute */
@@ -206,7 +205,7 @@ process_arguments (int argc, char **argv)
206} 205}
207 206
208 207
209int 208void
210validate_arguments (char **command_line) 209validate_arguments (char **command_line)
211{ 210{
212 if (command_line[0] == NULL) 211 if (command_line[0] == NULL)
diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t
index 2c903db9..4ff553f7 100644
--- a/plugins/t/check_dns.t
+++ b/plugins/t/check_dns.t
@@ -10,7 +10,7 @@ use NPTest;
10 10
11plan skip_all => "check_dns not compiled" unless (-x "check_dns"); 11plan skip_all => "check_dns not compiled" unless (-x "check_dns");
12 12
13plan tests => 13; 13plan tests => 14;
14 14
15my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/'; 15my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/';
16 16
@@ -54,6 +54,7 @@ cmp_ok( $res->return_code, '==', 2, "Critical threshold passed");
54 54
55$res = NPTest->testCmd("./check_dns -H $hostname_valid -t 5 -w 0 -c 5"); 55$res = NPTest->testCmd("./check_dns -H $hostname_valid -t 5 -w 0 -c 5");
56cmp_ok( $res->return_code, '==', 1, "Warning threshold passed"); 56cmp_ok( $res->return_code, '==', 1, "Warning threshold passed");
57like( $res->output, "/\|time=[\d\.]+s;0.0*;5\.0*;0\.0*/", "Output performance data OK" );
57 58
58$res = NPTest->testCmd("./check_dns -H $hostname_invalid -t 1"); 59$res = NPTest->testCmd("./check_dns -H $hostname_invalid -t 1");
59cmp_ok( $res->return_code, '==', 2, "Invalid $hostname_invalid"); 60cmp_ok( $res->return_code, '==', 2, "Invalid $hostname_invalid");