[Nagiosplug-devel] [ nagiosplug-Bugs-1475899 ] check_tcp segfaults with mutliple -s or -e args.

SourceForge.net noreply at sourceforge.net
Sun Jun 3 18:13:21 CEST 2007

Previous message: [Nagiosplug-devel] usage of the bool type
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-1252285 ] check_ssh reports critical for some SSH servers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bugs item #1475899, was opened at 2006-04-25 03:48
Message generated for change (Comment added) made by psychotrahe
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1475899&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Argument proccessing
Group: Release (specify)
>Status: Closed
Resolution: Fixed
Priority: 5
Private: No
Submitted By: John Rouillard (rouilj)
Assigned to: Matthias Eble (psychotrahe)
Summary: check_tcp segfaults with mutliple -s or -e args.

Initial Comment:
Plugins 1.4.3 running on FC3 or centos 4.2 redhat linux.

The following command coredumps against netcat
running as "nc -p 2525 -l":

  check_tcp -H localhost -p 2525 -s send1 -e receive1 \
            -s send2 -e receive2 -v
Using service TCP
Port: 2525
flags: 0x2
Send string: send2
server_expect_count: 2
        0: (null)
        1: receive2
received 9 bytes from host
#-raw-recv-------#
receive2

#-raw-recv-------#
looking for [(null)] anywhere in [receive2]
Segmentation fault

Note that the second send string is sent first.
It should work as presented on the command line
and send "send1" look for "receive1" then send "send2"
and look for 'receive2".

-- rouilj



----------------------------------------------------------------------

>Comment By: Matthias Eble (psychotrahe)
Date: 2007-06-03 18:13

Message:
Logged In: YES 
user_id=1694341
Originator: NO

segfault with multiple -e is fixed and -A/--all is now in cvs


----------------------------------------------------------------------

Comment By: Matthias Eble (psychotrahe)
Date: 2007-05-29 22:11

Message:
Logged In: YES 
user_id=1694341
Originator: NO

hi all,

thanks to ralph for this great analysis.
Your explanation describes exactly what happens/ed.

I removed the line in cvs and added a notice that -e can be repeated to
the --help output.

I'll let this item open since to me, there should be a new flag to let
check_tcp 
require ALL instead of ANY of the expect strings. This flag can then be
used to 
split XML expect strings (like in check_jabber), where a single string
could cause a false positive, since ordering doesn't matter.

----------------------------------------------------------------------

Comment By: Christoph Maser (cmaser)
Date: 2006-10-23 17:41

Message:
Logged In: YES 
user_id=127006

i tried with 1.4.4 and this problem is still there. 

----------------------------------------------------------------------

Comment By: Ralph Rößner (ralph_roessner)
Date: 2006-10-23 17:30

Message:
Logged In: YES 
user_id=1515003

Hi,

i've stumbled over the "double -e means SEGV" thing myself.
Here is a short analysis that should help fix it.

First: these are two unrelated problems. -s is not meant to
be specified several times, and only the latest one is
effective.  Maybe this needs to be clarified in the
description, maybe not.

For the -e switch things are different. There is a meaning
of specifying this argument several time, and it is this:
The returned response must match ANY of the -e arguments. So
there is no order imposed here, nor must the response match
all the arguments you give.

Now for the segfault: This is caused by writing a NULL into
the structure holding the expected response strings in
check_tcp.c line 510. This line is redundant at best (if
only one -e argument is given) and desastrous in all other
cases. Resolution: Remove line 510.

Long version: The EXPECT that is written to is a macro that
resolves to server_expect[0]. You will notice two cases:
Either the first -e argument is being processed. In that
case server_expect itself is overwritten with a pointer to
freshly allocated memory. In this case, NULLing its first
component string is redundant. Or the second, third, ... -e
argument is being processed. In that case, the first
argument string is overwritten with the NULL, and the
server_expect struct is enlarged (realloc'd) afterwards,
keeping the NULL mine in place. Hence the SEGV later.

In the hope that this helps,
   Ralph Rößner

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1475899&group_id=29880

Previous message: [Nagiosplug-devel] usage of the bool type
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-1252285 ] check_ssh reports critical for some SSH servers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list