From dae075e65a38c65352d04f8c8fdfa21e2056d01c Mon Sep 17 00:00:00 2001 From: Florian Lohoff Date: Mon, 15 Feb 2021 15:34:07 +0100 Subject: Using snprintf which honors the buffers size and guarantees null termination. (Closes: #1601) As strcpy may overflow the resulting buffer: flo@p5:~$ /tmp/f/usr/lib/nagios/plugins/check_pgsql -d "$(seq 1 10000)" *** buffer overflow detected ***: terminated Aborted I would propose to change the code rather like this, using snprintf which honors the buffers size and guarantees null termination. --- plugins/check_pgsql.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/check_pgsql.c') diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index 11ce6916..b8fc5f1d 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -347,7 +347,7 @@ process_arguments (int argc, char **argv) if (!is_pg_dbname (optarg)) /* checks length and valid chars */ usage2 (_("Database name is not valid"), optarg); else /* we know length, and know optarg is terminated, so us strcpy */ - strcpy (dbName, optarg); + snprintf(dbName, NAMEDATALEN, "%s", optarg); break; case 'l': /* login name */ if (!is_pg_logname (optarg)) -- cgit v1.2.3-74-g34f1 From e2397167c7e5c7a02b68de45de946f63706e7d12 Mon Sep 17 00:00:00 2001 From: datamuc Date: Tue, 25 Jan 2022 10:57:02 +0100 Subject: add --queryname parameter to check_pgsql (#1741) This is used in the long output instead of the actual query. So instead of OK - 'select stuff from various, tables where some_stuff is null and other_stuff is not null' returned 42 one can use --queryname=check_greatest_basket and it will print OK - check_greatest_basket returned 42 That's nicer for alerting purposes, at least in our use case. --- plugins/check_pgsql.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'plugins/check_pgsql.c') diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index b8fc5f1d..c893386c 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -85,6 +85,8 @@ char *pgparams = NULL; double twarn = (double)DEFAULT_WARN; double tcrit = (double)DEFAULT_CRIT; char *pgquery = NULL; +#define OPTID_QUERYNAME -1000 +char *pgqueryname = NULL; char *query_warning = NULL; char *query_critical = NULL; thresholds *qthresholds = NULL; @@ -285,6 +287,7 @@ process_arguments (int argc, char **argv) {"database", required_argument, 0, 'd'}, {"option", required_argument, 0, 'o'}, {"query", required_argument, 0, 'q'}, + {"queryname", required_argument, 0, OPTID_QUERYNAME}, {"query_critical", required_argument, 0, 'C'}, {"query_warning", required_argument, 0, 'W'}, {"verbose", no_argument, 0, 'v'}, @@ -368,6 +371,9 @@ process_arguments (int argc, char **argv) case 'q': pgquery = optarg; break; + case OPTID_QUERYNAME: + pgqueryname = optarg; + break; case 'v': verbose++; break; @@ -529,6 +535,9 @@ print_help (void) printf (" %s\n", "-q, --query=STRING"); printf (" %s\n", _("SQL query to run. Only first column in first row will be read")); + printf (" %s\n", "--queryname=STRING"); + printf (" %s\n", _("A name for the query, this string is used instead of the query")); + printf (" %s\n", _("in the long output of the plugin")); printf (" %s\n", "-W, --query-warning=RANGE"); printf (" %s\n", _("SQL query value to result in warning status (double)")); printf (" %s\n", "-C, --query-critical=RANGE"); @@ -642,7 +651,13 @@ do_query (PGconn *conn, char *query) : (my_status == STATE_CRITICAL) ? _("CRITICAL") : _("UNKNOWN")); - printf (_("'%s' returned %f"), query, value); + if(pgqueryname) { + printf (_("%s returned %f"), pgqueryname, value); + } + else { + printf (_("'%s' returned %f"), query, value); + } + printf ("|query=%f;%s;%s;;\n", value, query_warning ? query_warning : "", query_critical ? query_critical : ""); -- cgit v1.2.3-74-g34f1 From 2d9c6276d0a380f831bf94734359f071d0c7e958 Mon Sep 17 00:00:00 2001 From: waja Date: Fri, 4 Nov 2022 19:16:01 +0100 Subject: Removing is_pg_dbname alltogether,using postgres API. (Closes: #1660) (#1803) The problem is that check_pgsql validates the Database name and has different assumptions that postgres itself. I fail to see a reason to validate the database name here. Postgres'es API should do this - So i would suggest a fix like this by removing is_pg_dbname alltogether. Co-authored-by: Florian Lohoff --- plugins/check_pgsql.c | 48 ++++-------------------------------------------- 1 file changed, 4 insertions(+), 44 deletions(-) (limited to 'plugins/check_pgsql.c') diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index c893386c..c26cd439 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -69,7 +69,6 @@ int process_arguments (int, char **); int validate_arguments (void); void print_usage (void); void print_help (void); -int is_pg_dbname (char *); int is_pg_logname (char *); int do_query (PGconn *, char *); @@ -347,10 +346,10 @@ process_arguments (int argc, char **argv) pgport = optarg; break; case 'd': /* database name */ - if (!is_pg_dbname (optarg)) /* checks length and valid chars */ - usage2 (_("Database name is not valid"), optarg); - else /* we know length, and know optarg is terminated, so us strcpy */ - snprintf(dbName, NAMEDATALEN, "%s", optarg); + if (strlen(optarg) >= NAMEDATALEN) { + usage2 (_("Database name exceeds the maximum length"), optarg); + } + snprintf(dbName, NAMEDATALEN, "%s", optarg); break; case 'l': /* login name */ if (!is_pg_logname (optarg)) @@ -414,45 +413,6 @@ validate_arguments () return OK; } - -/****************************************************************************** - -@@- - -is_pg_dbname - -&PROTO_is_pg_dbname; - -Given a database name, this function returns TRUE if the string -is a valid PostgreSQL database name, and returns false if it is -not. - -Valid PostgreSQL database names are less than &NAMEDATALEN; -characters long and consist of letters, numbers, and underscores. The -first character cannot be a number, however. - - --@@ -******************************************************************************/ - - - -int -is_pg_dbname (char *dbname) -{ - char txt[NAMEDATALEN]; - char tmp[NAMEDATALEN]; - if (strlen (dbname) > NAMEDATALEN - 1) - return (FALSE); - strncpy (txt, dbname, NAMEDATALEN - 1); - txt[NAMEDATALEN - 1] = 0; - if (sscanf (txt, "%[_a-zA-Z]%[^_a-zA-Z0-9-]", tmp, tmp) == 1) - return (TRUE); - if (sscanf (txt, "%[_a-zA-Z]%[_a-zA-Z0-9-]%[^_a-zA-Z0-9-]", tmp, tmp, tmp) == - 2) return (TRUE); - return (FALSE); -} - /** the tango program should eventually create an entity here based on the -- cgit v1.2.3-74-g34f1