[Nagiosplug-devel] [ nagiosplug-Bugs-1475899 ] check_tcp segfaults with mutliple -s or -e args.

SourceForge.net noreply at sourceforge.net
Mon Oct 23 17:41:12 CEST 2006


Bugs item #1475899, was opened at 2006-04-25 03:48
Message generated for change (Comment added) made by cmaser
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1475899&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: Release (specify)
Status: Open
Resolution: None
Priority: 5
Submitted By: John Rouillard (rouilj)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_tcp segfaults with mutliple -s or -e args.

Initial Comment:
Plugins 1.4.3 running on FC3 or centos 4.2 redhat linux.

The following command coredumps against netcat
running as "nc -p 2525 -l":

  check_tcp -H localhost -p 2525 -s send1 -e receive1 \
            -s send2 -e receive2 -v
Using service TCP
Port: 2525
flags: 0x2
Send string: send2
server_expect_count: 2
        0: (null)
        1: receive2
received 9 bytes from host
#-raw-recv-------#
receive2

#-raw-recv-------#
looking for [(null)] anywhere in [receive2]
Segmentation fault

Note that the second send string is sent first.
It should work as presented on the command line
and send "send1" look for "receive1" then send "send2"
and look for 'receive2".

-- rouilj



----------------------------------------------------------------------

Comment By: Christoph Maser (cmaser)
Date: 2006-10-23 17:41

Message:
Logged In: YES 
user_id=127006

i tried with 1.4.4 and this problem is still there. 

----------------------------------------------------------------------

Comment By: Ralph Rößner (ralph_roessner)
Date: 2006-10-23 17:30

Message:
Logged In: YES 
user_id=1515003

Hi,

i've stumbled over the "double -e means SEGV" thing myself.
Here is a short analysis that should help fix it.

First: these are two unrelated problems. -s is not meant to
be specified several times, and only the latest one is
effective.  Maybe this needs to be clarified in the
description, maybe not.

For the -e switch things are different. There is a meaning
of specifying this argument several time, and it is this:
The returned response must match ANY of the -e arguments. So
there is no order imposed here, nor must the response match
all the arguments you give.

Now for the segfault: This is caused by writing a NULL into
the structure holding the expected response strings in
check_tcp.c line 510. This line is redundant at best (if
only one -e argument is given) and desastrous in all other
cases. Resolution: Remove line 510.

Long version: The EXPECT that is written to is a macro that
resolves to server_expect[0]. You will notice two cases:
Either the first -e argument is being processed. In that
case server_expect itself is overwritten with a pointer to
freshly allocated memory. In this case, NULLing its first
component string is redundant. Or the second, third, ... -e
argument is being processed. In that case, the first
argument string is overwritten with the NULL, and the
server_expect struct is enlarged (realloc'd) afterwards,
keeping the NULL mine in place. Hence the SEGV later.

In the hope that this helps,
   Ralph Rößner

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1475899&group_id=29880




More information about the Devel mailing list