summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_curl.c39
-rw-r--r--plugins/check_dns.c20
-rw-r--r--plugins/check_http.c15
3 files changed, 63 insertions, 11 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 2d69b310..8f274c26 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -296,6 +296,28 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm)
296#endif /* USE_OPENSSL */ 296#endif /* USE_OPENSSL */
297#endif /* HAVE_SSL */ 297#endif /* HAVE_SSL */
298 298
299/* returns a string "HTTP/1.x" or "HTTP/2" */
300static char *string_statuscode (int major, int minor)
301{
302 static char buf[10];
303
304 switch (major) {
305 case 1:
306 snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor);
307 break;
308 case 2:
309 case 3:
310 snprintf (buf, sizeof (buf), "HTTP/%d", major);
311 break;
312 default:
313 /* assuming here HTTP/N with N>=4 */
314 snprintf (buf, sizeof (buf), "HTTP/%d", major);
315 break;
316 }
317
318 return buf;
319}
320
299/* Checks if the server 'reply' is one of the expected 'statuscodes' */ 321/* Checks if the server 'reply' is one of the expected 'statuscodes' */
300static int 322static int
301expected_statuscode (const char *reply, const char *statuscodes) 323expected_statuscode (const char *reply, const char *statuscodes)
@@ -746,7 +768,8 @@ GOT_FIRST_CERT:
746 if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { 768 if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
747 snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", 769 snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n",
748 total_time, perfstring); 770 total_time, perfstring);
749 die (STATE_CRITICAL, "HTTP CRITICAL HTTP/1.x %ld unknown - %s", code, msg); 771 /* we cannot know the major/minor version here for sure as we cannot parse the first line */
772 die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
750 } 773 }
751 774
752 /* get result code from cURL */ 775 /* get result code from cURL */
@@ -823,8 +846,8 @@ GOT_FIRST_CERT:
823 846
824 /* check status codes, set exit status accordingly */ 847 /* check status codes, set exit status accordingly */
825 if( status_line.http_code != code ) { 848 if( status_line.http_code != code ) {
826 die (STATE_CRITICAL, _("HTTP CRITICAL HTTP/%d.%d %d %s - different HTTP codes (cUrl has %ld)\n"), 849 die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"),
827 status_line.http_major, status_line.http_minor, 850 string_statuscode (status_line.http_major, status_line.http_minor),
828 status_line.http_code, status_line.msg, code); 851 status_line.http_code, status_line.msg, code);
829 } 852 }
830 853
@@ -895,8 +918,8 @@ GOT_FIRST_CERT:
895 msg[strlen(msg)-3] = '\0'; 918 msg[strlen(msg)-3] = '\0';
896 919
897 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ 920 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
898 die (result, "HTTP %s: HTTP/%d.%d %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", 921 die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n",
899 state_text(result), status_line.http_major, status_line.http_minor, 922 state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
900 status_line.http_code, status_line.msg, 923 status_line.http_code, status_line.msg,
901 strlen(msg) > 0 ? " - " : "", 924 strlen(msg) > 0 ? " - " : "",
902 msg, page_len, total_time, 925 msg, page_len, total_time,
@@ -1041,7 +1064,7 @@ redir (curlhelp_write_curlbuf* header_buf)
1041 const UriPathSegmentA* p = uri.pathHead; 1064 const UriPathSegmentA* p = uri.pathHead;
1042 for (; p; p = p->next) { 1065 for (; p; p = p->next) {
1043 strncat (new_url, "/", DEFAULT_BUFFER_SIZE); 1066 strncat (new_url, "/", DEFAULT_BUFFER_SIZE);
1044 strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE); 1067 strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1);
1045 } 1068 }
1046 } 1069 }
1047 1070
@@ -1354,7 +1377,7 @@ process_arguments (int argc, char **argv)
1354 ssl_version = CURL_SSLVERSION_DEFAULT; 1377 ssl_version = CURL_SSLVERSION_DEFAULT;
1355#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ 1378#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
1356 else 1379 else
1357 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); 1380 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)"));
1358 } 1381 }
1359#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) 1382#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
1360 if (got_plus) { 1383 if (got_plus) {
@@ -1659,7 +1682,7 @@ print_help (void)
1659 printf (" %s\n", "-S, --ssl=VERSION[+]"); 1682 printf (" %s\n", "-S, --ssl=VERSION[+]");
1660 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); 1683 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1661 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); 1684 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
1662 printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); 1685 printf (" %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted."));
1663 printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); 1686 printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
1664 printf (" %s\n", "--sni"); 1687 printf (" %s\n", "--sni");
1665 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1688 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index b90f50e6..0f2e6541 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -473,9 +473,23 @@ process_arguments (int argc, char **argv)
473 case 'a': /* expected address */ 473 case 'a': /* expected address */
474 if (strlen (optarg) >= ADDRESS_LENGTH) 474 if (strlen (optarg) >= ADDRESS_LENGTH)
475 die (STATE_UNKNOWN, _("Input buffer overflow\n")); 475 die (STATE_UNKNOWN, _("Input buffer overflow\n"));
476 expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); 476 if (strchr(optarg, ',') != NULL) {
477 expected_address[expected_address_cnt] = strdup(optarg); 477 char *comma = strchr(optarg, ',');
478 expected_address_cnt++; 478 while (comma != NULL) {
479 expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
480 expected_address[expected_address_cnt] = strndup(optarg, comma - optarg);
481 expected_address_cnt++;
482 optarg = comma + 1;
483 comma = strchr(optarg, ',');
484 }
485 expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
486 expected_address[expected_address_cnt] = strdup(optarg);
487 expected_address_cnt++;
488 } else {
489 expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
490 expected_address[expected_address_cnt] = strdup(optarg);
491 expected_address_cnt++;
492 }
479 break; 493 break;
480 case 'A': /* expect authority */ 494 case 'A': /* expect authority */
481 expect_authority = TRUE; 495 expect_authority = TRUE;
diff --git a/plugins/check_http.c b/plugins/check_http.c
index de59a068..e2298b17 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -931,6 +931,21 @@ check_http (void)
931 931
932 if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); 932 if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
933 asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); 933 asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
934 if (strlen(proxy_auth)) {
935 base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
936 xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
937 }
938 /* optionally send any other header tag */
939 if (http_opt_headers_count) {
940 for (i = 0; i < http_opt_headers_count ; i++) {
941 if (force_host_header != http_opt_headers[i]) {
942 xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
943 }
944 }
945 /* This cannot be free'd here because a redirection will then try to access this and segfault */
946 /* Covered in a testcase in tests/check_http.t */
947 /* free(http_opt_headers); */
948 }
934 asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); 949 asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
935 asprintf (&buf, "%sHost: %s\r\n", buf, host_name); 950 asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
936 /* we finished our request, send empty line with CRLF */ 951 /* we finished our request, send empty line with CRLF */