661ecff45c
A buffer overflow was occurring when the server responded with:
Exceeded MaxStartups\r\n
glibc would then abort() with the following output:
*** buffer overflow detected ***: terminated
It was the memset() that was overflowing the buffer. But the memmove()
needed fixing too.
First off, there was an off-by-one error in both the memmove() and
memset(). byte_offset was already set to the start of the data _past_
the newline (i.e. len + 1). For the memmove(), incrementing that by 1
again lost the first character of the additional output. For the
memset(), this causes a buffer overflow.
Second, the memset() has multiple issues. The comment claims that it
was NULing (sic "null") the "rest". However, it has no idea how long
the "rest" is, at this point. It was NULing BUFF_SZ - byte_offset + 1.
After fixing the off-by-one / buffer overflow, it would be NULing
BUFF_SZ - byte_offset. But that doesn't make any sense. The length of
the first line has no relation to the length of the second line.
For a quick-and-dirty test, add something like this just inside the
while loop:
memcpy(output,
"Exceeded MaxStartups\r\nnext blah1 blah2 blah3 blah4\0",
sizeof("Exceeded MaxStartups\r\nnext blah1 blah2 blah3 blah4\0"));
And, after the memmove(), add:
printf("output='%s'\n", output);
If you fix the memset() buffer overflow, it will output:
output='ext blah1 blah2 blah3 '
As you can see, the first character is lost.
If you then fix the memmove(), it will output:
output='next blah1 blah2 blah3'
Note that this is still losing the "blah4".
After moving the memset() after byte_offset is set to the new strlen()
of output, then it works correctly:
output='next blah1 blah2 blah3 blah4'
Signed-off-by: Richard Laager <rlaager@wiktel.com>
|
||
|---|---|---|
| .github | ||
| build-aux | ||
| config_test | ||
| doc | ||
| gl | ||
| lib | ||
| m4 | ||
| perlmods | ||
| pkg | ||
| plugins | ||
| plugins-root | ||
| plugins-scripts | ||
| tap | ||
| tools | ||
| .clang-format | ||
| .gitignore | ||
| ABOUT-NLS | ||
| acinclude.m4 | ||
| ACKNOWLEDGEMENTS | ||
| AUTHORS | ||
| autogen.sh | ||
| CODING | ||
| config.rpath | ||
| configure.ac | ||
| COPYING | ||
| FAQ | ||
| Makefile.am | ||
| mkinstalldirs | ||
| NEWS | ||
| NP-VERSION-GEN | ||
| NPTest.pm | ||
| README | ||
| README.md | ||
| REQUIREMENTS | ||
| SUPPORT | ||
| test.pl.in | ||
| THANKS.in | ||
Monitoring Plugins
-
For instructions on installing these plugins for use with your monitoring system, see below. In addition, generic instructions for the GNU toolchain can be found in the
INSTALLfile. -
For major changes between releases, read the
NEWSfile. -
For information on detailed changes that have been made or plugins that have been added, read the
ChangeLogfile. -
Some plugins require that you have additional programs or libraries installed on your system before they can be used. Plugins that are dependent on other programs/libraries that are missing are usually not compiled. Read the
REQUIREMENTSfile for more information. -
Individual plugins are self-documenting. All plugins that comply with the basic guidelines for development will provide detailed help when invoked with the
-hor--helpoptions.
You can check the latest plugins at:
Send an email to help@monitoring-plugins.org for assistance. Please
include the OS type and version that you are using. Also, run the plugin
with the -vvv option and provide the resulting version information. Of
course, there may be additional diagnostic information required as well.
Use good judgment.
Send an email to devel@monitoring-plugins.org for developer discussions.
For patch submissions and bug reports, please use the appropriate resources at:
Installation Instructions
-
If you are using the Git tree, you will need m4, gettext, automake, and autoconf. To start out, run:
./tools/setupFor more detail, see the developer guidelines at https://www.monitoring-plugins.org/doc/guidelines.html.
-
Run the configure script to initialize variables and create a Makefile, etc.
./configure --prefix=BASEDIRECTORY --with-cgiurl=SOMEURLReplace
BASEDIRECTORYwith the path of the directory under which your monitoring system is installed (default is/usr/local), and replaceSOMEURLwith the path used to access the monitoring system CGIs with a web browser (default is/nagios/cgi-bin). -
Compile the plugins with the following command:
make -
Install the compiled plugins and plugin scripts with the following command:
make installThe installation procedure will attempt to place the plugins in a
libexec/subdirectory in the base directory you specified with the--prefixargument to the configure script. -
There are some plugins that require setuid. If you run make install as a non-root user, they will not be installed. To install, switch to root and run:
make install-root
That's it! If you have any problems or questions, feel free to send an email to help@monitoring-plugins.org.
License Notice
You can redistribute and/or modify this software under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version; with the additional exemption that compiling, linking, and/or using OpenSSL is allowed.
This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the COPYING file for the complete text of the GNU General Public
License, version 3.