A buffer overflow was occurring when the server responded with:
Exceeded MaxStartups\r\n
glibc would then abort() with the following output:
*** buffer overflow detected ***: terminated
It was the memset() that was overflowing the buffer. But the memmove()
needed fixing too.
First off, there was an off-by-one error in both the memmove() and
memset(). byte_offset was already set to the start of the data _past_
the newline (i.e. len + 1). For the memmove(), incrementing that by 1
again lost the first character of the additional output. For the
memset(), this causes a buffer overflow.
Second, the memset() has multiple issues. The comment claims that it
was NULing (sic "null") the "rest". However, it has no idea how long
the "rest" is, at this point. It was NULing BUFF_SZ - byte_offset + 1.
After fixing the off-by-one / buffer overflow, it would be NULing
BUFF_SZ - byte_offset. But that doesn't make any sense. The length of
the first line has no relation to the length of the second line.
For a quick-and-dirty test, add something like this just inside the
while loop:
memcpy(output,
"Exceeded MaxStartups\r\nnext blah1 blah2 blah3 blah4\0",
sizeof("Exceeded MaxStartups\r\nnext blah1 blah2 blah3 blah4\0"));
And, after the memmove(), add:
printf("output='%s'\n", output);
If you fix the memset() buffer overflow, it will output:
output='ext blah1 blah2 blah3 '
As you can see, the first character is lost.
If you then fix the memmove(), it will output:
output='next blah1 blah2 blah3'
Note that this is still losing the "blah4".
After moving the memset() after byte_offset is set to the new strlen()
of output, then it works correctly:
output='next blah1 blah2 blah3 blah4'
Signed-off-by: Richard Laager <rlaager@wiktel.com>
This commit removes the format parameter from the mp_check
object and creates a module global variable instead.
This prevents thread safe usage of different mp_check objects
which should likely not present a big problem for now.
The reason for this change is effectively the very same,
the format was lost if an exit was triggered by a signal
handler (timeout in this example).
Previous to this commit, `elapsed_time` was only set after being read,
which was quite likely wrong and a bug.
This commit actually set the value before it is being read again.
* check_ssh: properly parse a delayed version control string
This resolves an issue with SSH servers which do not respond with their
version control string as the first thing in the SSH protocol version
exchange phase after connection establishment.
This patch also makes sure that we disregard a potential comment in the
version exchange string to avoid nonsense mismatches. In the future, we
might want to add the capability to match against a user specified comment.
In addition, the patch largely improves the communication towards the
server, which adds better protocol adherence.
Of course, new test cases are added to support the trigger and guard
against regressions of the bugs solved by this patch.
This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945)
Signed-off-by: Anton Lofgren <alofgren@op5.com>
* check_ssh.t: Fix a few typos
Signed-off-by: Anton Lofgren <alofgren@op5.com>
* check_ssh: Handle non-alpha software versions
This patch fixes a bug where we would reject version control strings
that do not contain letters, because the assumption is made that they
always do. This is not required by the RFC however, and there exist
implementations that do not contain letters.
I've also added a few references to the RFC to make the process of
parsing the control string more apparent.
This fixes op5#8716 (https://bugs.op5.com/view.php?id=8716)
Signed-off-by: Anton Lofgren <alofgren@op5.com>
* check_ssh: Fix a typo in "remote-protocol parameter
remote-protcol -> remote-protocol
Signed-off-by: Anton Lofgren <alofgren@op5.com>
* Remove unused variable
* Formating fixes
* Update translations
* Remove merge conflict artefact from previous merge
* Set fixed include paths
* Improve code style to be slightly more readable
* Update test cases for different netcat behaviour and reduce sleep time
---------
Signed-off-by: Anton Lofgren <alofgren@op5.com>
Co-authored-by: Anton Lofgren <alofgren@op5.com>
It makes more sense to exit critical if a explicit version/protocol is requested. This
would also be more consistent with other plugins. Other string matching plugins like
check_snmp or check_http exit critical if the result does not match.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
Closes#1268
* maint:
check_ssh: Get rid of sshd: Read from socket failed: Connection reset by peer
fixed tests when there is no direct internet connection
NEWS: Mention fix for check_http's -S option
Fix for SSL Versioning when multiple options are used.
Fix#1217 spec file fails to build due to duplicate files and unused files
check_http: Don't let "-N" expect an argument
README: Change GitHub URL
README: Clarify license notice
Update URLs and mailing list addresses
Just using the posix conform extended regular expression grep
check_oracle: --db +ASM bad string matching check_oracle doesn't correctly check for pmon +ASM instance from at least Oracle 11 as the pmon proces was renamed from ora_pmon_.* to asm_pmon_.*. -- Just turning attached patch of github issue #1207 into a push request. (Closes#1207)
Update web site URLs
Conflicts:
FAQ
NEWS
README
SUPPORT
configure.in
monitoring-plugins.spec.in
pkg/solaris/pkginfo.in
plugins-root/check_dhcp.c
plugins-root/check_icmp.c
plugins-scripts/check_ifoperstatus.pl
plugins-scripts/check_mssql.pl
plugins/check_apt.c
plugins/check_by_ssh.c
plugins/check_cluster.c
plugins/check_dbi.c
plugins/check_dig.c
plugins/check_disk.c
plugins/check_dns.c
plugins/check_dummy.c
plugins/check_fping.c
plugins/check_game.c
plugins/check_hpjd.c
plugins/check_http.c
plugins/check_ide_smart.c
plugins/check_ldap.c
plugins/check_load.c
plugins/check_mrtg.c
plugins/check_mrtgtraf.c
plugins/check_mysql.c
plugins/check_mysql_query.c
plugins/check_nagios.c
plugins/check_nt.c
plugins/check_ntp.c
plugins/check_ntp_peer.c
plugins/check_ntp_time.c
plugins/check_nwstat.c
plugins/check_overcr.c
plugins/check_pgsql.c
plugins/check_ping.c
plugins/check_procs.c
plugins/check_radius.c
plugins/check_real.c
plugins/check_smtp.c
plugins/check_snmp.c
plugins/check_ssh.c
plugins/check_swap.c
plugins/check_tcp.c
plugins/check_time.c
plugins/check_ups.c
plugins/check_users.c
plugins/negate.c
plugins/urlize.c
plugins/utils.h
po/Makevars
po/de.po
po/fr.po
po/monitoring-plugins.pot
This is an initial take at renaming the project to Monitoring Plugins.
It's not expected to be fully complete, and it is expected to break
things (The perl module for instance). More testing will be required
before this goes mainline.
It would be useful to be able to detect the protocols supported by the remote
ssh server to locate any using the insecure ssh v1 protocol. This patch
attempts to match against the protocol string in the ssh response.
Example:
check_ssh -H my.host.com -P 2.0
--
Just turning attached patch of github issue #780 into a push request.
(Closes#780)
Fixes many instances of
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Bug #2832884 reported problem with translations outputting pot file
headers. This is caused by "" matching the header of the translation
files.
This patch moves gettext macros inside utils macros and update some
french translations.
