[Nagiosplug-devel] several problems with 1.4 plugins

[Voon, Ton]

Nikolay,

Thanks for your email. In response:

1) The "." is intentional, but someone else has already pointed out that
we should not be doing a sscanf for %.0f as this is not a standard. I
can't remember if a patch was provided for check_swap.c, but I'd be
happy to receive one. 

2) The plan was to only use asprintf, instead of sprintf, strcpy,
strcat, etc. I would be happy to receive a patch for this on any
plugins.

3) Where is the best fix for libcrypto v libcrypt? Again, happy to
accept a patch.

4) Unfortunately, I don't use pgsql, so I can't test. Where should
${PGINCLUDE} be added?

5) Thanks, I'll apply that tonight.

Ton


-----Original Message-----
From: nagiosplug-devel-admin at lists.sourceforge.net
[mailto:nagiosplug-devel-admin at lists.sourceforge.net] On Behalf Of
Nikolay Sturm
Sent: 29 March 2005 16:24
To: nagiosplug-devel at lists.sourceforge.net
Subject: [Nagiosplug-devel] several problems with 1.4 plugins

Hi!

I have several problems with the 1.4 plugins on OpenBSD.

1)
check_swap.c: In function `process_arguments':
check_swap.c:386: warning: unknown conversion type character `.' in
format
check_swap.c:386: warning: int format, float arg (arg 3)
check_swap.c:386: warning: too many arguments for format
check_swap.c:403: warning: unknown conversion type character `.' in
format
check_swap.c:403: warning: int format, float arg (arg 3)
check_swap.c:403: warning: too many arguments for format

Is this '.' intentional?

2) You happen to still use sprintf(), strcpy(), strcat() and friends all
the time. It is widely accepted, that these functions are insecure and
shouldn't be used. Personally, I'd like to see the nagios-plugins use
snprintf(), strlcpy(), strlcat() and friends instead, would you accept a
patch testing for these functions existence in configure and using them
if available?

3) At least on OpenBSD, the crypto library is called libcrypto and not
libcrypt.

4) ${PGINCLUDE} is missing from check_pqsql's build rule, so that header
files in /usr/include/postgresql are not found.

5) check_smtp is misusing static buffers, diff attached.

Nikolay

-----------------------------------------
Egg is a trading name of the Egg group of companies which includes: Egg plc
(reg no 2448340), Egg Financial Products ltd (reg no 3319027), Egg
International ltd (reg no 4059266), Egg Financial Intermediation ltd (reg
no 382828), Egg Investments ltd (reg no 3403963) and Egg Banking plc (reg
no 2999842.  Egg Investments Ltd, Egg Banking plc and Egg Financial
Intermediation Ltd are authorised and regulated by the Financial Services
Authority (FSA) and are entered in the FSA register under numbers 190518,
205621 and 309551 respectively. These members of the Egg group are
registered in England and Wales. Registered offices: 1 Waterhouse Square,
138-142 Holborn, London EC1N 2NA.    This e-mail is confidential and for
use by the addressee only.  If you are not the intended recipient of this
e-mail and have received it in error, please return the message to the
sender by replying to it and then delete it from your mailbox.  Internet
e-mails are not necessarily secure. The Egg group of companies do not
accept responsibility for changes made to this message after it was sent.
Whilst all reasonable care has been taken to avoid the transmission of
viruses, it is the responsibility of the recipient to ensure that the
onward transmission, opening or use of this message and any attachments
will not adversely affect its systems or data. No responsibility is
accepted by the Egg group of companies in this regard and the recipient
should carry out such virus and other checks as it considers appropriate.
This communication does not create or modify any contract.