[monitoring-plugins] fix check_curl crash if http header contains ...

[Jan Wagner]

    Module: monitoring-plugins
    Branch: wip-2.3.1
    Commit: 2bb6abb501cdcace5808fad89f1941f36c69fbf5
    Author: Sven Nierlein <sven at nierlein.de>
 Committer: Jan Wagner <waja at cyconet.org>
      Date: Thu Mar 11 13:33:16 2021 +0100
       URL: https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=2bb6abb

fix check_curl crash if http header contains leading spaces

check_curl crashes when a (broken) http server returns invalid http header with
leading spaces or double colons. This PR adds a fix and a test case for this.

Signed-off-by: Sven Nierlein <sven at nierlein.de>

---

 plugins/check_curl.c       |  2 +-
 plugins/tests/check_curl.t | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 8f274c2..9f1eafa 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -2060,7 +2060,7 @@ get_header_value (const struct phr_header* headers, const size_t nof_headers, co
 {
   int i;
   for( i = 0; i < nof_headers; i++ ) {
-    if( strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) {
+    if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) {
       return strndup( headers[i].value, headers[i].value_len );
     }
   }
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
index 1afbe4b..0caad23 100755
--- a/plugins/tests/check_curl.t
+++ b/plugins/tests/check_curl.t
@@ -21,7 +21,7 @@ use FindBin qw($Bin);
 
 $ENV{'LC_TIME'} = "C";
 
-my $common_tests = 70;
+my $common_tests = 72;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
@@ -188,6 +188,12 @@ sub run_server {
 				$c->send_basic_header;
 				$c->send_header('foo');
 				$c->send_crlf;
+			} elsif ($r->url->path eq "/header_broken_check") {
+				$c->send_basic_header;
+				$c->send_header('foo');
+				print $c "Test1:: broken\n";
+				print $c " Test2: leading whitespace\n";
+				$c->send_crlf;
 			} elsif ($r->url->path eq "/virtual_port") {
 				# return sent Host header
 				$c->send_basic_header;
@@ -247,7 +253,7 @@ my $cmd;
 # advanced checks with virtual hostname and virtual port
 SKIP: {
 	skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks;
-	
+
 	# http without virtual port
 	$cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$";
 	$result = NPTest->testCmd( $cmd );
@@ -259,7 +265,7 @@ SKIP: {
 	$result = NPTest->testCmd( $cmd );
 	is( $result->return_code, 0, $cmd);
 	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
-	
+
 	# http with virtual port (80)
 	$cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$";
 	$result = NPTest->testCmd( $cmd );
@@ -321,6 +327,10 @@ sub run_common_tests {
 	is( $result->return_code, 2, "Missing header string check");
 	like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
 
+	$result = NPTest->testCmd( "$command -u /header_broken_check" );
+	is( $result->return_code, 0, "header_check search for string");
+	like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" );
+
 	my $cmd;
 	$cmd = "$command -u /slow";
 	$result = NPTest->testCmd( $cmd );