Fix/check curl sticky redir (#2188)

* check_curl: avoid freeing memory when we don't know where it came from * check_curl: when using -f sticky conserve IPv6 addresses properly When running the check on an ipv6 address with a sticky onredirect policy like in this example: check_curl -6 -H example.com -I ::1 -f sticky It results in a getaddrinfo error: HTTP CRITICAL - Unable to lookup IP address for '[::1]': getaddrinfo returned -3 - Temporary failure in name resolution This happens because in check_http() if the content of server_addr is an ipv6 address enclosing brackets are added and on redirection a subsequent call to check_http() will pass this now bracketed value to getaddrinfo resulting in the error. To work around this, strip the brackets from the address prior to the lookup_host() call. * add Michael Jeanson to thanks
2026-02-03 18:49:29 -05:00 · 2025-11-28 12:21:08 +01:00 · 2025-11-28 12:21:08 +01:00 · db2983da7e
commit db2983da7e
parent 2f96b82c9b
4 changed files with 21 additions and 8 deletions
--- a/THANKS.in
+++ b/THANKS.in
@ -426,3 +426,4 @@ Eunice Remoquillo
 Louis Sautier
 Sven Hartge
 Alvar Penning
+Michael Jeanson
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@ -68,10 +68,6 @@ const char *email = "devel@monitoring-plugins.org";

 #include <netdb.h>

-enum {
-	MAX_IPV4_HOSTLENGTH = 255,
-};
-
 enum {
 	REGS = 2,
 };
@ -789,21 +785,21 @@ redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config
 	/* set new values for redirected request */

 	if (!(config.followsticky & STICKY_HOST)) {
-		free(working_state.server_address);
+		// free(working_state.server_address);
 		working_state.server_address = strndup(new_host, MAX_IPV4_HOSTLENGTH);
 	}
 	if (!(config.followsticky & STICKY_PORT)) {
 		working_state.serverPort = (unsigned short)new_port;
 	}

-	free(working_state.host_name);
+	// free(working_state.host_name);
 	working_state.host_name = strndup(new_host, MAX_IPV4_HOSTLENGTH);

 	/* reset virtual port */
 	working_state.virtualPort = working_state.serverPort;

 	free(new_host);
-	free(working_state.server_url);
+	// free(working_state.server_url);
 	working_state.server_url = new_url;

 	uriFreeUriMembersA(&uri);
--- a/plugins/check_curl.d/check_curl_helpers.c
+++ b/plugins/check_curl.d/check_curl_helpers.c
@ -128,8 +128,20 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
 	char dnscache[DEFAULT_BUFFER_SIZE];
 	char addrstr[DEFAULT_BUFFER_SIZE / 2];
 	if (working_state.use_ssl && working_state.host_name != NULL) {
+		char *tmp_mod_address;
+
+		/* lookup_host() requires an IPv6 address without the brackets. */
+		if ((strnlen(working_state.server_address, MAX_IPV4_HOSTLENGTH) > 2) &&
+			(working_state.server_address[0] == '[')) {
+			// Duplicate and strip the leading '['
+			tmp_mod_address =
+				strndup(working_state.server_address + 1, strlen(working_state.server_address) - 2);
+		} else {
+			tmp_mod_address = working_state.server_address;
+		}
+
 		int res;
-		if ((res = lookup_host(working_state.server_address, addrstr, DEFAULT_BUFFER_SIZE / 2,
+		if ((res = lookup_host(tmp_mod_address, addrstr, DEFAULT_BUFFER_SIZE / 2,
 							   config.sin_family)) != 0) {
 			die(STATE_CRITICAL,
 				_("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
--- a/plugins/check_curl.d/check_curl_helpers.h
+++ b/plugins/check_curl.d/check_curl_helpers.h
@ -7,6 +7,10 @@
 #	include <openssl/opensslv.h>
 #endif

+enum {
+	MAX_IPV4_HOSTLENGTH = 255,
+};
+
 /* for buffers for header and body */
 typedef struct {
 	size_t buflen;