From b7fc2eb15aa02da234e9fd2f4ab021bfff6c00c2 Mon Sep 17 00:00:00 2001 From: Sebastian Herbszt Date: Wed, 26 Nov 2014 23:51:00 +0100 Subject: check_apt: fix memset Fix memset introduced by commit 9ce7369 ("plugins/check_apt.c - Print uninitialized ereg"). Signed-off-by: Sebastian Herbszt --- plugins/check_apt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_apt.c b/plugins/check_apt.c index 07622c2f..8747f904 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c @@ -224,7 +224,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ char *cmdline=NULL, rerrbuf[64]; /* initialize ereg as it is possible it is printed while uninitialized */ - memset(&ereg, "\0", sizeof(ereg.buffer)); + memset(&ereg, '\0', sizeof(ereg.buffer)); if(upgrade==NO_UPGRADE) return STATE_OK; -- cgit v1.2.3-74-g34f1 From a4a1b37be0ff96492d13e87ce59c82482d961f56 Mon Sep 17 00:00:00 2001 From: Sebastian Herbszt Date: Wed, 26 Nov 2014 23:54:49 +0100 Subject: check_ntp: fix null termination Fix null termination introduced by commit a04df3e ("plugins/check_ntp.c - Verify struct from response"). Signed-off-by: Sebastian Herbszt --- plugins/check_ntp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 09a923eb..546802a3 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -616,7 +616,7 @@ double jitter_request(const char *host, int *status){ if (bytes_read != ntp_cm_ints + req.count) die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); /* else null terminate */ - strncpy(req.data[req.count], "\0", 1); + req.data[req.count] = '\0'; DBG(print_ntp_control_message(&req)); -- cgit v1.2.3-74-g34f1 From 30f0eeed578a1606eb53e135c1c5417d61d56295 Mon Sep 17 00:00:00 2001 From: Sebastian Herbszt Date: Thu, 27 Nov 2014 00:03:23 +0100 Subject: check_real: fix null termination Fix null termination introduced by commit b61f51a ("plugins/check_real.c - recv string null terminate"). Signed-off-by: Sebastian Herbszt --- plugins/check_real.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_real.c b/plugins/check_real.c index 36f64134..1816bf56 100644 --- a/plugins/check_real.c +++ b/plugins/check_real.c @@ -178,7 +178,7 @@ main (int argc, char **argv) /* watch for the REAL connection string */ result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0); - buffer[result] = "\0"; /* null terminate recieved buffer */ + buffer[result] = '\0'; /* null terminate recieved buffer */ /* return a CRITICAL status if we couldn't read any data */ if (result == -1) { -- cgit v1.2.3-74-g34f1 From 5871123e0a5f520f810b2cfe03cef16c4c5a1aee Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 30 Nov 2014 23:39:59 +0100 Subject: Revert "plugins/check_ntp.c - Verify struct from response" This reverts commit a04df3e1b67dc5eab3adc202cc89901f801cdeaa. The "fix" was bogus in many ways and broke jitter checking. Conflicts: plugins/check_ntp.c --- plugins/check_ntp.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) (limited to 'plugins') diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 546802a3..0a7640a7 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -517,14 +517,13 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){ double jitter_request(const char *host, int *status){ int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; - int peers_size=0, peer_offset=0, bytes_read=0; + int peers_size=0, peer_offset=0; ntp_assoc_status_pair *peers=NULL; ntp_control_message req; const char *getvar = "jitter"; double rval = 0.0, jitter = -1.0; char *startofvalue=NULL, *nptr=NULL; void *tmp; - int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2; /* Long-winded explanation: * Getting the jitter requires a number of steps: @@ -609,15 +608,7 @@ double jitter_request(const char *host, int *status){ req.count = htons(MAX_CM_SIZE); DBG(printf("recieving READVAR response...\n")); - - /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/ - if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1) - die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno)); - if (bytes_read != ntp_cm_ints + req.count) - die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); - /* else null terminate */ - req.data[req.count] = '\0'; - + read(conn, &req, SIZEOF_NTPCM(req)); DBG(print_ntp_control_message(&req)); if(req.op&REM_ERROR && strstr(getvar, "jitter")) { -- cgit v1.2.3-74-g34f1 From 99b3bfe488a856df059e933c796590eea0baae8d Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 1 Dec 2014 01:07:53 +0100 Subject: check_ntp: Nul-terminate jitter data Make sure the jitter response is nul-terminated before parsing the data using string functions. --- plugins/check_ntp.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 0a7640a7..a7d278de 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -590,6 +590,9 @@ double jitter_request(const char *host, int *status){ for (i = 0; i < npeers; i++){ /* Only query this server if it is the current sync source */ if (PEER_SEL(peers[i].status) >= min_peer_sel){ + char jitter_data[MAX_CM_SIZE+1]; + size_t jitter_data_count; + num_selected++; setup_control_request(&req, OP_READVAR, 2); req.assoc = peers[i].assoc; @@ -623,7 +626,14 @@ double jitter_request(const char *host, int *status){ if(verbose) { printf("parsing jitter from peer %.2x: ", ntohs(peers[i].assoc)); } - startofvalue = strchr(req.data, '='); + if((jitter_data_count = ntohs(req.count)) >= sizeof(jitter_data)){ + die(STATE_UNKNOWN, + _("jitter response too large (%lu bytes)\n"), + (unsigned long)jitter_data_count); + } + memcpy(jitter_data, req.data, jitter_data_count); + jitter_data[jitter_data_count] = '\0'; + startofvalue = strchr(jitter_data, '='); if(startofvalue != NULL) { startofvalue++; jitter = strtod(startofvalue, &nptr); -- cgit v1.2.3-74-g34f1 From 22dfca20fd83da319ec23160e0092a602b6c1eea Mon Sep 17 00:00:00 2001 From: Sebastian Herbszt Date: Sun, 30 Nov 2014 23:57:47 +0100 Subject: check_tcp: fix help description regarding escape option The help description should print '\\' for backslash not just '\'. Signed-off-by: Sebastian Herbszt --- plugins/check_tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index fc0adba0..63f9fd9c 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -643,7 +643,7 @@ print_help (void) printf (UT_IPv46); printf (" %s\n", "-E, --escape"); - printf (" %s\n", _("Can use \\n, \\r, \\t or \\ in send or quit string. Must come before send or quit option")); + printf (" %s\n", _("Can use \\n, \\r, \\t or \\\\ in send or quit string. Must come before send or quit option")); printf (" %s\n", _("Default: nothing added to send, \\r\\n added to end of quit")); printf (" %s\n", "-s, --send=STRING"); printf (" %s\n", _("String to send to the server")); -- cgit v1.2.3-74-g34f1