A buffer overflow was occurring when the server responded with:
Exceeded MaxStartups\r\n
glibc would then abort() with the following output:
*** buffer overflow detected ***: terminated
It was the memset() that was overflowing the buffer. But the memmove()
needed fixing too.
First off, there was an off-by-one error in both the memmove() and
memset(). byte_offset was already set to the start of the data _past_
the newline (i.e. len + 1). For the memmove(), incrementing that by 1
again lost the first character of the additional output. For the
memset(), this causes a buffer overflow.
Second, the memset() has multiple issues. The comment claims that it
was NULing (sic "null") the "rest". However, it has no idea how long
the "rest" is, at this point. It was NULing BUFF_SZ - byte_offset + 1.
After fixing the off-by-one / buffer overflow, it would be NULing
BUFF_SZ - byte_offset. But that doesn't make any sense. The length of
the first line has no relation to the length of the second line.
For a quick-and-dirty test, add something like this just inside the
while loop:
memcpy(output,
"Exceeded MaxStartups\r\nnext blah1 blah2 blah3 blah4\0",
sizeof("Exceeded MaxStartups\r\nnext blah1 blah2 blah3 blah4\0"));
And, after the memmove(), add:
printf("output='%s'\n", output);
If you fix the memset() buffer overflow, it will output:
output='ext blah1 blah2 blah3 '
As you can see, the first character is lost.
If you then fix the memmove(), it will output:
output='next blah1 blah2 blah3'
Note that this is still losing the "blah4".
After moving the memset() after byte_offset is set to the new strlen()
of output, then it works correctly:
output='next blah1 blah2 blah3 blah4'
Signed-off-by: Richard Laager <rlaager@wiktel.com>
Refactor check_icmp:
- Far less global variables
- Proper IPv6/legacy IP dual stack functionality (allowed mixed v4/v6 hosts)
- Improved readability/understandability
- General cleanup
fping 5.2 and 5.3 add some new useful command line options
which this commit add to check_fping.
These are:
* --fwmark - sets a firewall mark in the packages to make them
identifiable (fping 5.2)
* --icmp-timestamp - fping uses ICMP timestamp instead of ICMP
Echo (fping 5.2)
* --check-source - fping discards replies which originate not from
the target address (fping 5.2)
The fping release notes describe theses options ( https://github.com/schweikert/fping/releases )
in a little bit more detail.
Currently the help display for those options is only shown
when fping was available in the appropriate version during
compilation.
If fping is used with a target that has dual stack v4/v6, then due to
the logic during command construction, ipv4 will never be checked as v6
is preferred by fping.
This explicitly flags -4/-6 when it is requested by the user.
The old error message is quite similar to the openssl `failed to retrieve issuer certificate` and can mislead users to troubleshooting certificate stores.
The new message should be distinct enough to make it clear to users that this is not a problem raised by the underlying SSL implementation, but a problem inside monitoring-plugins.
