16 files changed, 548 insertions, 253 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 3fde54d..ab59eb7 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -51,10 +51,10 @@ noinst_LIBRARIES = libnpcommon.a
 libnpcommon_a_SOURCES = utils.c netutils.c sslutils.c runcmd.c  \
        popen.c utils.h netutils.h popen.h common.h runcmd.c runcmd.h
-BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a
+BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a $(LIB_CRYPTO)
 NETOBJS = $(BASEOBJS) $(EXTRA_NETOBLS)
 NETLIBS = $(NETOBJS) $(SOCKETLIBS)
-SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS)
+SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS) $(LIB_CRYPTO)
 TESTS_ENVIRONMENT = perl -I $(top_builddir) -I $(top_srcdir)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index d7be575..fa982ae 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -1,32 +1,32 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_apt plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2006-2008 Monitoring Plugins Development Team
-* 
+*
 * Original author: Sean Finney
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_apt plugin
-* 
+*
 * Check for available updates in apt package management systems
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
 *****************************************************************************/
 const char *progname = "check_apt";
@@ -76,9 +76,9 @@ int cmpstringp(const void *p1, const void *p2);
 /* configuration variables */
 static int verbose = 0;      /* -v */
-static int list = 0;         /* list packages available for upgrade */
+static bool list = false;         /* list packages available for upgrade */
-static int do_update = 0;    /* whether to call apt-get update */
+static bool do_update = false;    /* whether to call apt-get update */
-static int only_critical = 0;    /* whether to warn about non-critical updates */
+static bool only_critical = false;    /* whether to warn about non-critical updates */
 static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
 static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
 static char *update_opts = NULL; /* options to override defaults for update */
@@ -119,7 +119,7 @@ int main (int argc, char **argv) {
        if(sec_count > 0){
                result = max_state(result, STATE_CRITICAL);
-        } else if(packages_available >= packages_warning && only_critical == 0){
+        } else if(packages_available >= packages_warning && only_critical == false){
                result = max_state(result, STATE_WARNING);
        } else if(result > STATE_UNKNOWN){
                result = STATE_UNKNOWN;
@@ -144,7 +144,7 @@ int main (int argc, char **argv) {
                for(i = 0; i < sec_count; i++)
                        printf("%s (security)\n", secpackages_list[i]);
-                if (only_critical == 0) {
+                if (only_critical == false) {
                        for(i = 0; i < packages_available - sec_count; i++)
                                printf("%s\n", packages_list[i]);
                }
@@ -166,7 +166,7 @@ int process_arguments (int argc, char **argv) {
                {"upgrade", optional_argument, 0, 'U'},
                {"no-upgrade", no_argument, 0, 'n'},
                {"dist-upgrade", optional_argument, 0, 'd'},
-                {"list", no_argument, 0, 'l'},
+                {"list", no_argument, false, 'l'},
                {"include", required_argument, 0, 'i'},
                {"exclude", required_argument, 0, 'e'},
                {"critical", required_argument, 0, 'c'},
@@ -212,14 +212,14 @@ int process_arguments (int argc, char **argv) {
                        upgrade=NO_UPGRADE;
                        break;
                case 'u':
-                        do_update=1;
+                        do_update=true;
                        if(optarg!=NULL){
                                update_opts=strdup(optarg);
                                if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed");
                        }
                        break;
                case 'l':
-                        list=1;
+                        list=true;
                        break;
                case 'i':
                        do_include=add_to_regexp(do_include, optarg);
@@ -231,7 +231,7 @@ int process_arguments (int argc, char **argv) {
                        do_critical=add_to_regexp(do_critical, optarg);
                        break;
                case 'o':
-                        only_critical=1;
+                        only_critical=true;
                        break;
                case INPUT_FILE_OPT:
                        input_filename = optarg;
@@ -269,7 +269,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                        die(STATE_UNKNOWN, _("%s: Error compiling regexp: %s"), progname, rerrbuf);
                }
        }
-   
        if(do_exclude!=NULL){
                regres=regcomp(&ereg, do_exclude, REG_EXTENDED);
                if(regres!=0) {
@@ -278,7 +278,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                            progname, rerrbuf);
                }
        }
-   
        const char *crit_ptr = (do_critical != NULL) ? do_critical : SECURITY_RE;
        regres=regcomp(&sreg, crit_ptr, REG_EXTENDED);
        if(regres!=0) {
@@ -295,7 +295,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                /* run the upgrade */
                result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
        }
-   
        /* apt-get upgrade only changes exit status if there is an
         * internal error when run in dry-run mode.  therefore we will
         * treat such an error as UNKNOWN */
@@ -371,7 +371,7 @@ int run_update(void){
        struct output chld_out, chld_err;
        char *cmdline;
-        /* run the upgrade */
+        /* run the update */
        cmdline = construct_cmdline(NO_UPGRADE, update_opts);
        result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
        /* apt-get update changes exit status if it can't fetch packages.
@@ -501,16 +501,6 @@ print_help (void)
  printf(UT_PLUG_TIMEOUT, timeout_interval);
-  printf (" %s\n", "-U, --upgrade=OPTS");
-  printf ("    %s\n", _("[Default] Perform an upgrade.  If an optional OPTS argument is provided,"));
-  printf ("    %s\n", _("apt-get will be run with these command line options instead of the"));
-  printf ("    %s", _("default "));
-  printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
-  printf ("    %s\n", _("Note that you may be required to have root privileges if you do not use"));
-  printf ("    %s\n", _("the default options."));
-  printf (" %s\n", "-d, --dist-upgrade=OPTS");
-  printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
-  printf ("    %s\n", _("can be provided to override the default options."));
  printf (" %s\n", "-n, --no-upgrade");
  printf ("    %s\n", _("Do not run the upgrade.  Probably not useful (without -u at least)."));
  printf (" %s\n", "-l, --list");
@@ -530,7 +520,7 @@ print_help (void)
  printf ("    %s\n", _("this REGEXP, the plugin will return CRITICAL status.  Can be specified"));
  printf ("    %s\n", _("multiple times like above.  Default is a regexp matching security"));
  printf ("    %s\n", _("upgrades for Debian and Ubuntu:"));
-  printf ("    \t\%s\n", SECURITY_RE);
+  printf ("    \t%s\n", SECURITY_RE);
  printf ("    %s\n", _("Note that the package must first match the include list before its"));
  printf ("    %s\n", _("information is compared against the critical list."));
  printf (" %s\n", "-o, --only-critical");
@@ -538,7 +528,7 @@ print_help (void)
  printf ("    %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
  printf ("    %s\n", _("the plugin to return WARNING status."));
  printf (" %s\n", "-w, --packages-warning");
-  printf ("    %s\n", _("Minumum number of packages available for upgrade to return WARNING status."));
+  printf ("    %s\n", _("Minimum number of packages available for upgrade to return WARNING status."));
  printf ("    %s\n\n", _("Default is 1 package."));
  printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
@@ -547,6 +537,16 @@ print_help (void)
  printf ("    %s\n", _("the default options.  Note: you may also need to adjust the global"));
  printf ("    %s\n", _("timeout (with -t) to prevent the plugin from timing out if apt-get"));
  printf ("    %s\n", _("upgrade is expected to take longer than the default timeout."));
+  printf (" %s\n", "-U, --upgrade=OPTS");
+  printf ("    %s\n", _("Perform an upgrade. If an optional OPTS argument is provided,"));
+  printf ("    %s\n", _("apt-get will be run with these command line options instead of the"));
+  printf ("    %s", _("default "));
+  printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
+  printf ("    %s\n", _("Note that you may be required to have root privileges if you do not use"));
+  printf ("    %s\n", _("the default options, which will only run a simulation and NOT perform the upgrade"));
+  printf (" %s\n", "-d, --dist-upgrade=OPTS");
+  printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
+  printf ("    %s\n", _("can be provided to override the default options."));
  printf(UT_SUPPORT);
 }
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index a69854a..c6593df 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -476,6 +476,18 @@ check_http (void)
        printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache);
  }
+  // If server_address is an IPv6 address it must be surround by square brackets
+  struct in6_addr tmp_in_addr;
+  if (inet_pton(AF_INET6, server_address, &tmp_in_addr) == 1) {
+    char *new_server_address = malloc(strlen(server_address) + 3);
+    if (new_server_address == NULL) {
+      die(STATE_UNKNOWN, "HTTP UNKNOWN - Unable to allocate memory\n");
+    }
+    snprintf(new_server_address, strlen(server_address)+3, "[%s]", server_address);
+    free(server_address);
+    server_address = new_server_address;
+  }
  /* compose URL: use the address we want to connect to, set Host: header later */
  snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
      use_ssl ? "https" : "http",
@@ -999,10 +1011,12 @@ GOT_FIRST_CERT:
  result = max_state_alt(get_status(total_time, thlds), result);
  /* Cut-off trailing characters */
-  if(msg[strlen(msg)-2] == ',')
+  if (strlen(msg) >= 2) {
-    msg[strlen(msg)-2] = '\0';
+      if(msg[strlen(msg)-2] == ',')
-  else
+        msg[strlen(msg)-2] = '\0';
-    msg[strlen(msg)-3] = '\0';
+      else
+        msg[strlen(msg)-3] = '\0';
+    }
  /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
  die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
@@ -1666,7 +1680,7 @@ process_arguments (int argc, char **argv)
        curl_http_version = CURL_HTTP_VERSION_NONE;
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */
      } else {
-        fprintf (stderr, "unkown http-version parameter: %s\n", optarg);
+        fprintf (stderr, "unknown http-version parameter: %s\n", optarg);
        exit (STATE_WARNING);
      }
      break;
@@ -2010,9 +2024,12 @@ curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *s
  curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream;
  while (buf->bufsize < buf->buflen + size * nmemb + 1) {
-    buf->bufsize *= buf->bufsize * 2;
+    buf->bufsize = buf->bufsize * 2;
    buf->buf = (char *)realloc (buf->buf, buf->bufsize);
-    if (buf->buf == NULL) return -1;
+    if (buf->buf == NULL) {
+      fprintf(stderr, "malloc failed (%d) %s\n", errno, strerror(errno));
+      return -1;
+    }
  }
  memcpy (buf->buf + buf->buflen, buffer, size * nmemb);
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index c1cfb13..d32841d 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -1017,7 +1017,7 @@ void
 print_usage (void)
 {
  printf ("%s\n", _("Usage:"));
-  printf (" %s -w limit -c limit [-W limit] [-K limit] {-p path | -x device}\n", progname);
+  printf (" %s {-w absolute_limit |-w  percentage_limit% | -W inode_percentage_limit } {-c absolute_limit|-c percentage_limit% | -K inode_percentage_limit } {-p path | -x device}\n", progname);
  printf ("[-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]\n");
  printf ("[-t timeout] [-u unit] [-v] [-X type] [-N type]\n");
 }
@@ -1128,7 +1128,7 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
  p->dfree_units = p->available*fsp->fsu_blocksize/mult;
  p->dtotal_units = p->total*fsp->fsu_blocksize/mult;
  /* Free file nodes. Not sure the workaround is required, but in case...*/
-  p->inodes_free  = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail;
+  p->inodes_free  = fsp->fsu_ffree;
  p->inodes_free_to_root  = fsp->fsu_ffree; /* Free file nodes for root. */
  p->inodes_used = fsp->fsu_files - fsp->fsu_ffree;
  if (freespace_ignore_reserved) {
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index be9362a..db43316 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -492,7 +492,7 @@ void print_help (void) {
  printf (" %s\n", "-c, --critical=THRESHOLD");
  printf ("    %s\n", _("critical threshold pair"));
  printf (" %s\n", "-a, --alive");
-  printf ("    %s\n", _("Return OK after first successfull reply"));
+  printf ("    %s\n", _("Return OK after first successful reply"));
  printf (" %s\n", "-b, --bytes=INTEGER");
  printf ("    %s (default: %d)\n", _("size of ICMP packet"),PACKET_SIZE);
  printf (" %s\n", "-n, --number=INTEGER");
diff --git a/plugins/check_http.c b/plugins/check_http.c
index ff39c59..8dda046 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -31,13 +31,14 @@
 *
 *****************************************************************************/
-/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
 const char *progname = "check_http";
-const char *copyright = "1999-2013";
+const char *copyright = "1999-2022";
 const char *email = "devel@monitoring-plugins.org";
+// Do NOT sort those headers, it will break the build
+// TODO: Fix this
 #include "common.h"
+#include "base64.h"
 #include "netutils.h"
 #include "utils.h"
 #include "base64.h"
@@ -57,8 +58,8 @@ enum {
 };
 #ifdef HAVE_SSL
-int check_cert = FALSE;
+bool check_cert = false;
-int continue_after_check_cert = FALSE;
+bool continue_after_check_cert = false;
 int ssl_version = 0;
 int days_till_exp_warn, days_till_exp_crit;
 char *randbuff;
@@ -69,7 +70,7 @@ X509 *server_cert;
 #  define my_recv(buf, len) read(sd, buf, len)
 #  define my_send(buf, len) send(sd, buf, len, 0)
 #endif /* HAVE_SSL */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 enum {
@@ -91,7 +92,7 @@ struct timeval tv_temp;
 #define HTTP_URL "/"
 #define CRLF "\r\n"
-int specify_port = FALSE;
+bool specify_port = false;
 int server_port = HTTP_PORT;
 int virtual_port = 0;
 char server_port_text[6] = "";
@@ -106,23 +107,21 @@ int server_expect_yn = 0;
 char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
 char header_expect[MAX_INPUT_BUFFER] = "";
 char string_expect[MAX_INPUT_BUFFER] = "";
-char output_header_search[30] = "";
-char output_string_search[30] = "";
 char *warning_thresholds = NULL;
 char *critical_thresholds = NULL;
 thresholds *thlds;
 char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
-int display_html = FALSE;
+bool display_html = false;
 char **http_opt_headers;
 int http_opt_headers_count = 0;
 int onredirect = STATE_OK;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
+bool use_ssl = false;
-int use_sni = FALSE;
+bool use_sni = false;
-int verbose = FALSE;
+bool verbose = false;
-int show_extended_perfdata = FALSE;
+bool show_extended_perfdata = false;
-int show_body = FALSE;
+bool show_body = false;
 int sd;
 int min_page_len = 0;
 int max_page_len = 0;
@@ -136,10 +135,11 @@ char buffer[MAX_INPUT_BUFFER];
 char *client_cert = NULL;
 char *client_privkey = NULL;
-int process_arguments (int, char **);
+// Forward function declarations
+bool process_arguments (int, char **);
 int check_http (void);
 void redir (char *pos, char *status_line);
-int server_type_check(const char *type);
+bool server_type_check(const char *type);
 int server_port_check(int ssl_flag);
 char *perfd_time (double microsec);
 char *perfd_time_connect (double microsec);
@@ -150,6 +150,7 @@ char *perfd_time_transfer (double microsec);
 char *perfd_size (int page_len);
 void print_help (void);
 void print_usage (void);
+char *unchunk_content(const char *content);
 int
 main (int argc, char **argv)
@@ -169,10 +170,10 @@ main (int argc, char **argv)
  /* Parse extra opts if any */
  argv=np_extra_opts (&argc, argv, progname);
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
    usage4 (_("Could not parse arguments"));
-  if (display_html == TRUE)
+  if (display_html == true)
    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
      use_ssl ? "https" : "http", host_name ? host_name : server_address,
      server_port, server_url);
@@ -195,9 +196,11 @@ test_file (char *path)
  usage2 (_("file does not exist or is not readable"), path);
 }
-/* process command-line arguments */
+/*
-int
+ * process command-line arguments
-process_arguments (int argc, char **argv)
+ * returns true on succes, false otherwise
+  */
+bool process_arguments (int argc, char **argv)
 {
  int c = 1;
  char *p;
@@ -252,7 +255,7 @@ process_arguments (int argc, char **argv)
  };
  if (argc < 2)
-    return ERROR;
+    return false;
  for (c = 1; c < argc; c++) {
    if (strcmp ("-to", argv[c]) == 0)
@@ -308,10 +311,10 @@ process_arguments (int argc, char **argv)
      /* xasprintf (&http_opt_headers, "%s", optarg); */
      break;
    case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
      break;
    case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
      break;
    case 'C': /* Check SSL cert validity */
 #ifdef HAVE_SSL
@@ -332,12 +335,12 @@ process_arguments (int argc, char **argv)
          usage2 (_("Invalid certificate expiration period"), optarg);
        days_till_exp_warn = atoi (optarg);
      }
-      check_cert = TRUE;
+      check_cert = true;
      goto enable_ssl;
 #endif
    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
 #ifdef HAVE_SSL
-      continue_after_check_cert = TRUE;
+      continue_after_check_cert = true;
      break;
 #endif
    case 'J': /* use client certificate */
@@ -357,7 +360,7 @@ process_arguments (int argc, char **argv)
    enable_ssl:
      /* ssl_version initialized to 0 as a default. Only set if it's non-zero.  This helps when we include multiple
         parameters, like -S and -C combinations */
-      use_ssl = TRUE;
+      use_ssl = true;
      if (c=='S' && optarg != NULL) {
        int got_plus = strchr(optarg, '+') != NULL;
@@ -374,7 +377,7 @@ process_arguments (int argc, char **argv)
        else
          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
      }
-      if (specify_port == FALSE)
+      if (specify_port == false)
        server_port = HTTPS_PORT;
 #else
      /* -C -J and -K fall through to here without SSL */
@@ -382,7 +385,7 @@ process_arguments (int argc, char **argv)
 #endif
      break;
    case SNI_OPTION:
-      use_sni = TRUE;
+      use_sni = true;
      break;
    case MAX_REDIRS_OPTION:
      if (!is_intnonneg (optarg))
@@ -420,7 +423,7 @@ process_arguments (int argc, char **argv)
          host_name_length = strlen (host_name) - strlen (p) - 1;
          free (host_name);
          host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
            server_port = virtual_port;
        }
      } else if ((p = strchr (host_name, ':')) != NULL
@@ -430,7 +433,7 @@ process_arguments (int argc, char **argv)
          host_name_length = strlen (host_name) - strlen (p) - 1;
          free (host_name);
          host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
            server_port = virtual_port;
        }
      break;
@@ -446,7 +449,7 @@ process_arguments (int argc, char **argv)
        usage2 (_("Invalid port number"), optarg);
      else {
        server_port = atoi (optarg);
-        specify_port = TRUE;
+        specify_port = true;
      }
      break;
    case 'a': /* authorization info */
@@ -502,7 +505,7 @@ process_arguments (int argc, char **argv)
      if (errcode != 0) {
        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
      }
      break;
    case INVERT_REGEX:
@@ -519,7 +522,7 @@ process_arguments (int argc, char **argv)
 #endif
      break;
    case 'v': /* verbose */
-      verbose = TRUE;
+      verbose = true;
      break;
    case 'm': /* min_page_length */
      {
@@ -544,7 +547,7 @@ process_arguments (int argc, char **argv)
      break;
      }
    case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
      break;
    case 'M': /* max-age */
                  {
@@ -565,10 +568,10 @@ process_arguments (int argc, char **argv)
                  }
                  break;
    case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
      break;
    case 'B': /* print body content after status line */
-      show_body = TRUE;
+      show_body = true;
      break;
    }
  }
@@ -605,7 +608,7 @@ process_arguments (int argc, char **argv)
  if (virtual_port == 0)
    virtual_port = server_port;
-  return TRUE;
+  return true;
 }
@@ -945,7 +948,7 @@ check_http (void)
    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-      && host_name != NULL && use_ssl == TRUE) {
+      && host_name != NULL && use_ssl == true) {
    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
@@ -979,7 +982,7 @@ check_http (void)
  }
 #ifdef HAVE_SSL
  elapsed_time_connect = (double)microsec_connect / 1.0e6;
-  if (use_ssl == TRUE) {
+  if (use_ssl == true) {
    gettimeofday (&tv_temp, NULL);
    result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
    if (verbose) printf ("SSL initialized\n");
@@ -987,9 +990,9 @@ check_http (void)
      die (STATE_CRITICAL, NULL);
    microsec_ssl = deltime (tv_temp);
    elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
-    if (check_cert == TRUE) {
+    if (check_cert == true) {
      result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      if (continue_after_check_cert == FALSE) {
+      if (continue_after_check_cert == false) {
        if (sd) close(sd);
        np_net_ssl_cleanup();
        return result;
@@ -999,7 +1002,7 @@ check_http (void)
 #endif /* HAVE_SSL */
  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-       && host_name != NULL && use_ssl == TRUE)
+       && host_name != NULL && use_ssl == true)
    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
  else
    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
@@ -1027,10 +1030,10 @@ check_http (void)
       * 14.23).  Some server applications/configurations cause trouble if the
       * (default) port is explicitly specified in the "Host:" header line.
       */
-      if ((use_ssl == FALSE && virtual_port == HTTP_PORT) ||
+      if ((use_ssl == false && virtual_port == HTTP_PORT) ||
-          (use_ssl == TRUE && virtual_port == HTTPS_PORT) ||
+          (use_ssl == true && virtual_port == HTTPS_PORT) ||
          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
-         && host_name != NULL && use_ssl == TRUE))
+         && host_name != NULL && use_ssl == true))
        xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
      else
        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
@@ -1070,9 +1073,8 @@ check_http (void)
    }
    xasprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, (int)strlen (http_post_data));
-    xasprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
+    xasprintf (&buf, "%s%s", buf, http_post_data);
-  }
+  } else {
-  else {
    /* or just a newline so the server knows we're done with the request */
    xasprintf (&buf, "%s%s", buf, CRLF);
  }
@@ -1096,9 +1098,14 @@ check_http (void)
      *pos = ' ';
    }
    buffer[i] = '\0';
-    xasprintf (&full_page_new, "%s%s", full_page, buffer);
-    free (full_page);
+    if ((full_page_new = realloc(full_page, pagesize + i + 1)) == NULL)
+        die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate memory for full_page\n"));
+    memmove(&full_page_new[pagesize], buffer, i + 1);
    full_page = full_page_new;
    pagesize += i;
                if (no_body && document_headers_done (full_page)) {
@@ -1110,25 +1117,7 @@ check_http (void)
  elapsed_time_transfer = (double)microsec_transfer / 1.0e6;
  if (i < 0 && errno != ECONNRESET) {
-#ifdef HAVE_SSL
+    die(STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-    /*
-    if (use_ssl) {
-      sslerr=SSL_get_error(ssl, i);
-      if ( sslerr == SSL_ERROR_SSL ) {
-        die (STATE_WARNING, _("HTTP WARNING - Client Certificate Required\n"));
-      } else {
-        die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-      }
-    }
-    else {
-    */
-#endif
-      die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-#ifdef HAVE_SSL
-      /* XXX
-    }
-    */
-#endif
  }
  /* return a CRITICAL status if we couldn't read any data */
@@ -1253,32 +1242,73 @@ check_http (void)
  }
  /* Page and Header content checks go here */
-  if (strlen (header_expect)) {
+  if (strlen(header_expect) > 0) {
-    if (!strstr (header, header_expect)) {
+    if (strstr(header, header_expect) == NULL) {
-      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
+      // We did not find the header, the rest is for building the output and setting the state
-      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
+      char output_header_search[30] = "";
-        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
+      strncpy(&output_header_search[0], header_expect,
+              sizeof(output_header_search));
+      if (output_header_search[sizeof(output_header_search) - 1] != '\0') {
+        bcopy("...",
+            &output_header_search[sizeof(output_header_search) - 4],
+            4);
      }
-      xasprintf (&msg, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      xasprintf (&msg,
+          _("%sheader '%s' not found on '%s://%s:%d%s', "),
+          msg,
+          output_header_search, use_ssl ? "https" : "http",
+          host_name ? host_name : server_address, server_port,
+          server_url);
      result = STATE_CRITICAL;
    }
  }
+  // At this point we should test if the content is chunked and unchunk it, so
+  // it can be searched (and possibly printed)
+  const char *chunked_header_regex_string = "Transfer-Encoding: *chunked *";
+  regex_t chunked_header_regex;
+  if (regcomp(&chunked_header_regex, chunked_header_regex_string, REG_ICASE)) {
+    die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to compile chunked_header_regex regex");
+  }
+  regmatch_t chre_pmatch[1]; // We actually do not care about this, since we only want to know IF it was found
+  if (regexec(&chunked_header_regex, header, 1, chre_pmatch, 0) == 0) {
+    if (verbose) {
+      printf("Found chunked content\n");
+    }
+    // We actually found the chunked header
+    char *tmp = unchunk_content(page);
+    if (tmp == NULL) {
+      die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to unchunk message body");
+    }
+    page = tmp;
+  }
-  if (strlen (string_expect)) {
+  if (strlen(string_expect) > 0) {
-    if (!strstr (page, string_expect)) {
+    if (!strstr(page, string_expect)) {
-      strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+      // We found the string the body, the rest is for building the output
-      if(output_string_search[sizeof(output_string_search)-1]!='\0') {
+      char output_string_search[30] = "";
-        bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+      strncpy(&output_string_search[0], string_expect,
+              sizeof(output_string_search));
+      if (output_string_search[sizeof(output_string_search) - 1] != '\0') {
+        bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
+              4);
      }
      xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
      result = STATE_CRITICAL;
    }
  }
-  if (strlen (regexp)) {
+  if (strlen(regexp) > 0) {
-    errcode = regexec (&preg, page, REGS, pmatch, 0);
+    errcode = regexec(&preg, page, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+    if ((errcode == 0 && invert_regex == 0) ||
+        (errcode == REG_NOMATCH && invert_regex == 1)) {
      /* OK - No-op to avoid changing the logic around it */
      result = max_state_alt(STATE_OK, result);
    }
@@ -1330,7 +1360,7 @@ check_http (void)
           perfd_time (elapsed_time),
           perfd_size (page_len),
           perfd_time_connect (elapsed_time_connect),
-           use_ssl == TRUE ? perfd_time_ssl (elapsed_time_ssl) : "",
+           use_ssl == true ? perfd_time_ssl (elapsed_time_ssl) : "",
           perfd_time_headers (elapsed_time_headers),
           perfd_time_firstbyte (elapsed_time_firstbyte),
           perfd_time_transfer (elapsed_time_transfer));
@@ -1352,7 +1382,95 @@ check_http (void)
  return STATE_UNKNOWN;
 }
+/* Receivces a pointer to the beginning of the body of a HTTP message
+ * which is chunked and returns a pointer to a freshly allocated memory
+ * region containing the unchunked body or NULL if something failed.
+ * The result must be freed by the caller.
+ */
+char *unchunk_content(const char *content) {
+  // https://en.wikipedia.org/wiki/Chunked_transfer_encoding
+  // https://www.rfc-editor.org/rfc/rfc7230#section-4.1
+  char *result = NULL;
+  size_t content_length = strlen(content);
+  char *start_of_chunk;
+  char* end_of_chunk;
+  long size_of_chunk;
+  const char *pointer = content;
+  char *endptr;
+  long length_of_chunk = 0;
+  size_t overall_size = 0;
+  while (true) {
+    size_of_chunk = strtol(pointer, &endptr, 16);
+    if (size_of_chunk == LONG_MIN || size_of_chunk == LONG_MAX) {
+      // Apparently underflow or overflow, should not happen
+      if (verbose) {
+        printf("Got an underflow or overflow from strtol at: %u\n", __LINE__);
+      }
+      return NULL;
+    }
+    if (endptr == pointer) {
+      // Apparently this was not a number
+      if (verbose) {
+        printf("Chunked content did not start with a number at all (Line: %u)\n", __LINE__);
+      }
+      return NULL;
+    }
+    // So, we got the length of the chunk
+    if (*endptr == ';') {
+      // Chunk extension starts here
+      while (*endptr != '\r') {
+        endptr++;
+      }
+    }
+    start_of_chunk = endptr + 2;
+    end_of_chunk = start_of_chunk + size_of_chunk;
+    length_of_chunk = (long)(end_of_chunk - start_of_chunk);
+    pointer = end_of_chunk + 2; //Next number should be here
+    if (length_of_chunk == 0) {
+      // Chunk length is 0, so this is the last one
+      break;
+    }
+    overall_size += length_of_chunk;
+    if (result == NULL) {
+      // Size of the chunk plus the ending NULL byte
+      result = (char *)malloc(length_of_chunk +1);
+      if (result == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      }
+    } else {
+      // Enlarge memory to the new size plus the ending NULL byte
+      void *tmp = realloc(result, overall_size +1);
+      if (tmp == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      } else {
+        result = tmp;
+      }
+    }
+    memcpy(result + (overall_size - size_of_chunk), start_of_chunk, size_of_chunk);
+  }
+  if (overall_size == 0 && result == NULL) {
+    // We might just have received the end chunk without previous content, so result is never allocated
+    result = calloc(1, sizeof(char));
+    // No error handling here, we can only return NULL anyway
+  } else {
+    result[overall_size] = '\0';
+  }
+  return result;
+}
 /* per RFC 2396 */
 #define URI_HTTP "%5[HTPShtps]"
@@ -1525,13 +1643,13 @@ redir (char *pos, char *status_line)
 }
-int
+bool
 server_type_check (const char *type)
 {
  if (strcmp (type, "https"))
-    return FALSE;
+    return false;
  else
-    return TRUE;
+    return true;
 }
 int
@@ -1546,42 +1664,42 @@ server_port_check (int ssl_flag)
 char *perfd_time (double elapsed_time)
 {
  return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+                   true, 0, true, socket_timeout);
 }
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_size (int page_len)
 {
  return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?true:false), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
+            (min_page_len>0?true:false), 0,
-            TRUE, 0, FALSE, 0);
+            true, 0, false, 0);
 }
 void
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index c893386..c26cd43 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -69,7 +69,6 @@ int process_arguments (int, char **);
 int validate_arguments (void);
 void print_usage (void);
 void print_help (void);
-int is_pg_dbname (char *);
 int is_pg_logname (char *);
 int do_query (PGconn *, char *);
@@ -347,10 +346,10 @@ process_arguments (int argc, char **argv)
                                pgport = optarg;
                        break;
                case 'd':     /* database name */
-                        if (!is_pg_dbname (optarg)) /* checks length and valid chars */
+                        if (strlen(optarg) >= NAMEDATALEN) {
-                                usage2 (_("Database name is not valid"), optarg);
+                                usage2 (_("Database name exceeds the maximum length"), optarg);
-                        else /* we know length, and know optarg is terminated, so us strcpy */
+                        }
-                                snprintf(dbName, NAMEDATALEN, "%s", optarg);
+                        snprintf(dbName, NAMEDATALEN, "%s", optarg);
                        break;
                case 'l':     /* login name */
                        if (!is_pg_logname (optarg))
@@ -414,45 +413,6 @@ validate_arguments ()
        return OK;
 }
-/******************************************************************************
-@@-
-<sect3>
-<title>is_pg_dbname</title>
-<para>&PROTO_is_pg_dbname;</para>
-<para>Given a database name, this function returns TRUE if the string
-is a valid PostgreSQL database name, and returns false if it is
-not.</para>
-<para>Valid PostgreSQL database names are less than &NAMEDATALEN;
-characters long and consist of letters, numbers, and underscores. The
-first character cannot be a number, however.</para>
-</sect3>
-@@
-******************************************************************************/
-int
-is_pg_dbname (char *dbname)
-{
-        char txt[NAMEDATALEN];
-        char tmp[NAMEDATALEN];
-        if (strlen (dbname) > NAMEDATALEN - 1)
-                return (FALSE);
-        strncpy (txt, dbname, NAMEDATALEN - 1);
-        txt[NAMEDATALEN - 1] = 0;
-        if (sscanf (txt, "%[_a-zA-Z]%[^_a-zA-Z0-9-]", tmp, tmp) == 1)
-                return (TRUE);
-        if (sscanf (txt, "%[_a-zA-Z]%[_a-zA-Z0-9-]%[^_a-zA-Z0-9-]", tmp, tmp, tmp) ==
-                        2) return (TRUE);
-        return (FALSE);
-}
 /**
 the tango program should eventually create an entity here based on the
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 2601ccd..d3968a2 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -1,31 +1,31 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_snmp plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_snmp plugin
-* 
+*
 * Check status of remote machines and obtain system information via SNMP
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_snmp";
@@ -90,6 +90,7 @@ char *thisarg (char *str);
 char *nextarg (char *str);
 void print_usage (void);
 void print_help (void);
+char *multiply (char *str);
 #include "regex.h"
 char regex_expect[MAX_INPUT_BUFFER] = "";
@@ -154,6 +155,8 @@ double *previous_value;
 size_t previous_size = OID_COUNT_STEP;
 int perf_labels = 1;
 char* ip_version = "";
+double multiplier = 1.0;
+char *fmtstr = "";
 static char *fix_snmp_range(char *th)
 {
@@ -316,7 +319,7 @@ main (int argc, char **argv)
        for (i = 0; i < numcontext; i++) {
                command_line[10 + i] = contextargs[i];
        }
-        
        for (i = 0; i < numauthpriv; i++) {
                command_line[10 + numcontext + i] = authpriv[i];
        }
@@ -330,7 +333,7 @@ main (int argc, char **argv)
        for (i = 0; i < numoids; i++) {
                command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i];
-                xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);   
+                xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);
        }
        command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL;
@@ -398,15 +401,15 @@ main (int argc, char **argv)
                is_counter=0;
                /* We strip out the datatype indicator for PHBs */
                if (strstr (response, "Gauge: ")) {
-                        show = strstr (response, "Gauge: ") + 7;
+                        show = multiply (strstr (response, "Gauge: ") + 7);
-                } 
+                }
                else if (strstr (response, "Gauge32: ")) {
-                        show = strstr (response, "Gauge32: ") + 9;
+                        show = multiply (strstr (response, "Gauge32: ") + 9);
-                } 
+                }
                else if (strstr (response, "Counter32: ")) {
                        show = strstr (response, "Counter32: ") + 11;
                        is_counter=1;
-                        if(!calculate_rate) 
+                        if(!calculate_rate)
                                strcpy(type, "c");
                }
                else if (strstr (response, "Counter64: ")) {
@@ -416,7 +419,10 @@ main (int argc, char **argv)
                                strcpy(type, "c");
                }
                else if (strstr (response, "INTEGER: ")) {
-                        show = strstr (response, "INTEGER: ") + 9;
+                        show = multiply (strstr (response, "INTEGER: ") + 9);
+                        if (fmtstr != "") {
+                                conv = fmtstr;
+                        }
                }
                else if (strstr (response, "OID: ")) {
                        show = strstr (response, "OID: ") + 5;
@@ -616,7 +622,7 @@ main (int argc, char **argv)
                state_string=malloc(string_length);
                if(state_string==NULL)
                        die(STATE_UNKNOWN, _("Cannot malloc"));
-                
                current_length=0;
                for(i=0; i<total_oids; i++) {
                        xasprintf(&temp_string,"%.0f",response_value[i]);
@@ -638,7 +644,7 @@ main (int argc, char **argv)
                state_string[--current_length]='\0';
                if (verbose > 2)
                        printf("State string=%s\n",state_string);
-                
                /* This is not strictly the same as time now, but any subtle variations will cancel out */
                np_state_write_string(current_time, state_string );
                if(previous_state==NULL) {
@@ -698,6 +704,8 @@ process_arguments (int argc, char **argv)
                {"perf-oids", no_argument, 0, 'O'},
                {"ipv4", no_argument, 0, '4'},
                {"ipv6", no_argument, 0, '6'},
+                {"multiplier", required_argument, 0, 'M'},
+                {"fmtstr", required_argument, 0, 'f'},
                {0, 0, 0, 0}
        };
@@ -715,7 +723,7 @@ process_arguments (int argc, char **argv)
        }
        while (1) {
-                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:z:",
+                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:M:f:z:",
                                                                         longopts, &option);
                if (c == -1 || c == EOF)
@@ -953,6 +961,16 @@ process_arguments (int argc, char **argv)
                        if(verbose>2)
                                printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n");
                        break;
+                case 'M':
+                        if ( strspn( optarg, "0123456789.," ) == strlen( optarg ) ) {
+                                multiplier=strtod(optarg,NULL);
+                        }
+                        break;
+                case 'f':
+                        if (multiplier != 1.0) {
+                                fmtstr=optarg;
+                        }
+                        break;
                }
        }
@@ -1022,7 +1040,7 @@ validate_arguments ()
                        contextargs[0] = strdup ("-n");
                        contextargs[1] = strdup (context);
                }
-                
                if (seclevel == NULL)
                        xasprintf(&seclevel, "noAuthNoPriv");
@@ -1143,6 +1161,44 @@ nextarg (char *str)
+/* multiply result (values 0 < n < 1 work as divider) */
+char *
+multiply (char *str)
+{
+        char *endptr;
+        double val;
+        char *conv = "%f";
+        if(verbose>2)
+                printf("    multiply input: %s\n", str);
+        val = strtod (str, &endptr);
+        if ((val == 0.0) && (endptr == str)) {
+                if(multiplier != 1) {
+                        die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str);
+                }
+                return str;
+        }
+        if(verbose>2)
+                printf("    multiply extracted double: %f\n", val);
+        val *= multiplier;
+        if (fmtstr != "") {
+                conv = fmtstr;
+        }
+        if (val == (int)val) {
+                sprintf(str, "%.0f", val);
+        } else {
+                if(verbose>2)
+                        printf("    multiply using format: %s\n", conv);
+                sprintf(str, conv, val);
+        }
+        if(verbose>2)
+                printf("    multiply result: %s\n", str);
+        return str;
+}
 void
 print_help (void)
 {
@@ -1235,6 +1291,10 @@ print_help (void)
        printf ("    %s\n", _("Units label(s) for output data (e.g., 'sec.')."));
        printf (" %s\n", "-D, --output-delimiter=STRING");
        printf ("    %s\n", _("Separates output on multiple OID requests"));
+        printf (" %s\n", "-M, --multiplier=FLOAT");
+        printf ("    %s\n", _("Multiplies current value, 0 < n < 1 works as divider, defaults to 1"));
+        printf (" %s\n", "-f, --fmtstr=STRING");
+        printf ("    %s\n", _("C-style format string for float values (see option -M)"));
        printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
        printf ("    %s\n", _("NOTE the final timeout value is calculated using this formula: timeout_interval * retries + 5"));
@@ -1287,4 +1347,5 @@ print_usage (void)
        printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
        printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
+        printf ("[-M multiplier [-f format]]\n");
 }
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 286273f..666a012 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,16 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                return STATE_CRITICAL;
        }
        if (cert && privkey) {
-                SSL_CTX_use_certificate_chain_file(c, cert);
+#ifdef USE_OPENSSL
+                if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
+#elif  USE_GNUTLS
+                if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
+#else
+#error Unported for unknown SSL library
+#endif
+                        printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
+                        return STATE_CRITICAL;
+                }
                SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
 #ifdef USE_OPENSSL
                if (!SSL_CTX_check_private_key(c)) {
@@ -191,17 +200,6 @@ int np_net_ssl_read(void *buf, int num) {
        return SSL_read(s, buf, num);
 }
-int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
-#  ifdef USE_OPENSSL
-        X509 *certificate = NULL;
-        certificate=SSL_get_peer_certificate(s);
-        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
-#  else /* ifndef USE_OPENSSL */
-        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
-        return STATE_WARNING;
-#  endif /* USE_OPENSSL */
-}
 int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
        X509_NAME *subj=NULL;
@@ -328,4 +326,16 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int
 #  endif /* USE_OPENSSL */
 }
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
+        X509 *certificate = NULL;
+        certificate=SSL_get_peer_certificate(s);
+        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
+#  else /* ifndef USE_OPENSSL */
+        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
+        return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
 #endif /* HAVE_SSL */
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
index 693f4b2..eae98cc 100644
--- a/plugins/t/check_curl.t
+++ b/plugins/t/check_curl.t
@@ -1,15 +1,22 @@
 #! /usr/bin/perl -w -I ..
 #
-# HyperText Transfer Protocol (HTTP) Test via check_http
+# HyperText Transfer Protocol (HTTP) Test via check_curl
 #
 #
 use strict;
 use Test::More;
 use POSIX qw/mktime strftime/;
-use NPTest;
-plan tests => 57;
+use vars qw($tests $has_ipv6);
+BEGIN {
+    use NPTest;
+    $has_ipv6 = NPTest::has_ipv6();
+    $tests = $has_ipv6 ? 59 : 57;
+    plan tests => $tests;
+}
 my $successOutput = '/OK.*HTTP.*second/';
@@ -18,6 +25,7 @@ my $plugin = 'check_http';
 $plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
 my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tcp_http_ipv6      = getTestParameter("NP_HOST_TCP_HTTP_IPV6", "An IPv6 address providing a HTTP Service (a web server)", "::1");
 my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
 my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
 my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
@@ -31,26 +39,35 @@ my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 $res = NPTest->testCmd(
-        "./$plugin $host_tcp_http -wt 300 -ct 600"
+    "./$plugin $host_tcp_http -wt 300 -ct 600"
-        );
+    );
 cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
 like( $res->output, $successOutput, "Output OK" );
+if ($has_ipv6) {
+    # Test for IPv6 formatting
+    $res = NPTest->testCmd(
+        "./$plugin -I $host_tcp_http_ipv6 -wt 300 -ct 600"
+        );
+    cmp_ok( $res->return_code, '==', 0, "IPv6 URL formatting is working" );
+    like( $res->output, $successOutput, "Output OK" );
+}
 $res = NPTest->testCmd(
-        "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
+    "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
-        );
+    );
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 $res = NPTest->testCmd(
-        "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
+    "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
-        );
+    );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
 # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!)
 like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK");
 $res = NPTest->testCmd(
-        "./$plugin $hostname_invalid -wt 1 -ct 2"
+    "./$plugin $hostname_invalid -wt 1 -ct 2"
-        );
+    );
 cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
 # The first part of the message comes from the OS catalogue, so cannot check this.
 # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 0c86622..1ca52f6 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -103,7 +103,7 @@ SKIP: {
        cmp_ok( $res->return_code, "==", 0, "And also when not found");
 }
 SKIP: {
-        skip "No internet access", 23 if $internet_access eq "no";
+        skip "No internet access", 22 if $internet_access eq "no";
        $res = NPTest->testCmd(
                "./$plugin --ssl $host_tls_http"
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
index aa72ef6..72f2b7c 100755
--- a/plugins/tests/check_curl.t
+++ b/plugins/tests/check_curl.t
@@ -21,7 +21,7 @@ use FindBin qw($Bin);
 $ENV{'LC_TIME'} = "C";
-my $common_tests = 72;
+my $common_tests = 73;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
@@ -200,6 +200,14 @@ sub run_server {
                                $c->send_basic_header;
                                $c->send_crlf;
                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                        } elsif ($r->url->path eq "/chunked") {
+                                my $chunks = ["chunked", "encoding", "test\n"];
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, sub {
+                                        my $chunk = shift @{$chunks};
+                                        return unless $chunk;
+                                        sleep(1);
+                                        return($chunk);
+                                }));
                        } else {
                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
                        }
@@ -472,7 +480,8 @@ sub run_common_tests {
                local $SIG{ALRM} = sub { die "alarm\n" };
                alarm(2);
                $result = NPTest->testCmd( $cmd );
-                alarm(0);       };
+        };
+        alarm(0);
        isnt( $@, "alarm\n", $cmd );
        is( $result->return_code, 0, $cmd );
@@ -482,7 +491,8 @@ sub run_common_tests {
                local $SIG{ALRM} = sub { die "alarm\n" };
                alarm(2);
                $result = NPTest->testCmd( $cmd );
-                alarm(0); };
+        };
+        alarm(0);
        isnt( $@, "alarm\n", $cmd );
        isnt( $result->return_code, 0, $cmd );
@@ -508,4 +518,9 @@ sub run_common_tests {
        };
        is( $@, "", $cmd );
+        $cmd = "$command -u /chunked -s 'chunkedencodingtest' -d 'Transfer-Encoding: chunked'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
 }
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index ea11b2a..6078b27 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -9,12 +9,14 @@ use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
+use IO::Socket::INET;
 $ENV{'LC_TIME'} = "C";
-my $common_tests = 70;
+my $common_tests = 71;
 my $virtual_port_tests = 8;
 my $ssl_only_tests = 12;
+my $chunked_encoding_special_tests = 1;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
 plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
@@ -30,7 +32,7 @@ if ($@) {
        plan skip_all => "Missing required module for test: $@";
 } else {
        if (-x "./$plugin") {
-                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
+                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests + $chunked_encoding_special_tests;
        } else {
                plan skip_all => "No $plugin compiled";
        }
@@ -51,6 +53,7 @@ my $port_http = 50000 + int(rand(1000));
 my $port_https = $port_http + 1;
 my $port_https_expired = $port_http + 2;
 my $port_https_clientcert = $port_http + 3;
+my $port_hacked_http = $port_http + 4;
 # This array keeps sockets around for implementing timeouts
 my @persist;
@@ -72,6 +75,28 @@ if (!$pid) {
 }
 push @pids, $pid;
+# Fork the hacked HTTP server
+undef $pid;
+$pid = fork;
+defined $pid or die "Failed to fork";
+if (!$pid) {
+        # this is the fork
+        undef @pids;
+        my $socket = new IO::Socket::INET (
+                LocalHost => '0.0.0.0',
+                LocalPort => $port_hacked_http,
+                Proto => 'tcp',
+                Listen => 5,
+                Reuse => 1
+        );
+        die "cannot create socket $!n" unless $socket;
+        my $local_sock = $socket->sockport();
+        print "server waiting for client connection on port $local_sock\n";
+        run_hacked_http_server ( $socket );
+        die "hacked http server stopped";
+}
+push @pids, $pid;
 if (exists $servers->{https}) {
        # Fork a normal HTTPS server
        $pid = fork;
@@ -190,6 +215,14 @@ sub run_server {
                                        $c->send_basic_header;
                                        $c->send_crlf;
                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                                } elsif ($r->url->path eq "/chunked") {
+                                        my $chunks = ["chunked", "encoding", "test\n"];
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, sub {
+                                                my $chunk = shift @{$chunks};
+                                                return unless $chunk;
+                                                sleep(1);
+                                                return($chunk);
+                                        }));
                                } else {
                                        $c->send_error(HTTP::Status->RC_FORBIDDEN);
                                }
@@ -199,6 +232,37 @@ sub run_server {
        }
 }
+sub run_hacked_http_server {
+        my $socket = shift;
+        # auto-flush on socket
+        $| = 1;
+        while(1)
+        {
+                # waiting for a new client connection
+                my $client_socket = $socket->accept();
+                # get information about a newly connected client
+                my $client_address = $client_socket->peerhost();
+                my $client_portn = $client_socket->peerport();
+                print "connection from $client_address:$client_portn";
+                # read up to 1024 characters from the connected client
+                my $data = "";
+                $client_socket->recv($data, 1024);
+                print "received data: $data";
+                # write response data to the connected client
+                $data = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n";
+                $client_socket->send($data);
+                # notify client that response has been sent
+                shutdown($client_socket, 1);
+        }
+}
 END {
        foreach my $pid (@pids) {
                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
@@ -214,6 +278,7 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 my $result;
 my $command = "./$plugin -H 127.0.0.1";
+run_chunked_encoding_special_test( {command => "$command -p $port_hacked_http"});
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
@@ -497,4 +562,20 @@ sub run_common_tests {
        };
        is( $@, "", $cmd );
+        $cmd = "$command -u /chunked -s 'chunkedencodingtest' -d 'Transfer-Encoding: chunked'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
+}
+sub run_chunked_encoding_special_test {
+        my ($opts) = @_;
+        my $command = $opts->{command};
+        $cmd = "$command -u / -s 'ChunkedEncodingSpecialTest'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
 }
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 0a77fa8..bc03ec6 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -9,7 +9,7 @@ use NPTest;
 use FindBin qw($Bin);
 use POSIX qw/strftime/;
-my $tests = 73;
+my $tests = 81;
 # Check that all dependent modules are available
 eval {
        require NetSNMP::OID;
@@ -57,9 +57,9 @@ if ($pid) {
        exec("snmpd -c tests/conf/snmpd.conf -C -f -r udp:$port_snmp");
 }
-END { 
+END {
        foreach my $pid (@pids) {
-                if ($pid) { print "Killing $pid\n"; kill "INT", $pid } 
+                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
        }
 };
@@ -268,3 +268,19 @@ like($res->output, '/SNMP WARNING - \d+ \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w 1,2 -c 1" );
 is($res->return_code, 2, "Multiple OIDs with some thresholds" );
 like($res->output, '/SNMP CRITICAL - \*\d+\* \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1;2 iso.3.6.1.4.1.8072.3.2.67.17=-4;;/', "Multiple OIDs with thresholds output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19");
+is($res->return_code, 0, "Test plain .1.3.6.1.4.1.8072.3.2.67.6 RC" );
+is($res->output,'SNMP OK - 42 | iso.3.6.1.4.1.8072.3.2.67.19=42 ', "Test plain value of .1.3.6.1.4.1.8072.3.2.67.1" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 -M .1");
+is($res->return_code, 0, "Test multiply RC" );
+is($res->output,'SNMP OK - 4.200000 | iso.3.6.1.4.1.8072.3.2.67.19=4.200000 ' , "Test multiply .1 output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 --multiplier=.1 -f '%.2f' ");
+is($res->return_code, 0, "Test multiply RC + format" );
+is($res->output, 'SNMP OK - 4.20 | iso.3.6.1.4.1.8072.3.2.67.19=4.20 ', "Test multiply .1 output + format" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 --multiplier=.1 -f '%.2f' -w 1");
+is($res->return_code, 1, "Test multiply RC + format + thresholds" );
+is($res->output, 'SNMP WARNING - *4.20* | iso.3.6.1.4.1.8072.3.2.67.19=4.20;1 ', "Test multiply .1 output + format + thresholds" );
diff --git a/plugins/tests/check_snmp_agent.pl b/plugins/tests/check_snmp_agent.pl
index 0e41d57..38912e9 100644
--- a/plugins/tests/check_snmp_agent.pl
+++ b/plugins/tests/check_snmp_agent.pl
@@ -32,11 +32,11 @@ my $multilin5 = 'And now have fun with with this: "C:\\"
 because we\'re not done yet!';
 # Next are arrays of indexes (Type, initial value and increments)
-# 0..16 <---- please update comment when adding/removing fields
+# 0..19 <---- please update comment when adding/removing fields
-my @fields = (ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_UNSIGNED, ASN_UNSIGNED, ASN_COUNTER, ASN_COUNTER64, ASN_UNSIGNED, ASN_COUNTER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER, ASN_OCTET_STR, ASN_OCTET_STR );
+my @fields = (ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_UNSIGNED, ASN_UNSIGNED, ASN_COUNTER, ASN_COUNTER64, ASN_UNSIGNED, ASN_COUNTER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER );
-my @values = ($multiline, $multilin2, $multilin3, $multilin4, $multilin5, 4294965296, 1000, 4294965296, uint64("18446744073709351616"), int(rand(2**32)), 64000, "stringtests", "3.5", "87.4startswithnumberbutshouldbestring", '555"I said"', 'CUSTOM CHECK OK: foo is 12345', -2, '-4', '-6.6' );
+my @values = ($multiline, $multilin2, $multilin3, $multilin4, $multilin5, 4294965296, 1000, 4294965296, uint64("18446744073709351616"), int(rand(2**32)), 64000, "stringtests", "3.5", "87.4startswithnumberbutshouldbestring", '555"I said"', 'CUSTOM CHECK OK: foo is 12345', -2, '-4', '-6.6', 42 );
 # undef increments are randomized
-my @incrts = (undef, undef, undef, undef, undef, 1000, -500, 1000, 100000, undef, 666, undef, undef, undef, undef, undef, -1, undef, undef );
+my @incrts = (undef, undef, undef, undef, undef, 1000, -500, 1000, 100000, undef, 666, undef, undef, undef, undef, undef, -1, undef, undef, 0 );
 # Number of elements in our OID
 my $oidelts;
diff --git a/plugins/utils.c b/plugins/utils.c
index f75cf03..b4214c6 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -615,9 +615,9 @@ char *perfdata_uint64 (const char *label,
        char *data = NULL;
        if (strpbrk (label, "'= "))
-                xasprintf (&data, "'%s'=%" PRId64 "%s;", label, val, uom);
+                xasprintf (&data, "'%s'=%" PRIu64 "%s;", label, val, uom);
        else
-                xasprintf (&data, "%s=%" PRId64 "%s;", label, val, uom);
+                xasprintf (&data, "%s=%" PRIu64 "%s;", label, val, uom);
        if (warnp)
                xasprintf (&data, "%s%" PRIu64 ";", data, warn);