[Nagiosplug-devel] [ nagiosplug-Bugs-1813346 ] check_http "-f follow" crash with "LLLLLocation" HTTP header

[SourceForge.net]

Bugs item #1813346, was opened at 2007-10-14 22:59
Message generated for change (Settings changed) made by hweiss
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1813346&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: None
>Status: Closed
Resolution: Accepted
Priority: 5
Private: No
Submitted By: fabiodds (fabiodds)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_http "-f follow" crash with "LLLLLocation" HTTP header

Initial Comment:
Hello,

I've found a crash bug in check_http. Let's say we run it with "-f 
follow" and make it connect to a server that sends back this:

HTTP/1.0 304 Something
[500 L characters here]ocation: http://sourceforge.net/

In this case, check_http will crash and burn with a segfault.

I have attached a patch that will correct this issue.

-- fabiodds


----------------------------------------------------------------------

Comment By: Holger Weiss (hweiss)
Date: 2007-10-15 00:22

Message:
Logged In: YES 
user_id=759506
Originator: NO

Bah, this is the umpteenth bug in check_http's parsing of the 'Location'
header, I guess we should rewrite that.  Anyway, I committed your patch to
SVN and I also specified a field width of 1 for the characters following
the 'L'.  They're not written to memory, but it makes no sense to accept
'Looocaaatiooon' as a valid 'Location' header.

Thank you very much, Holger

PS: If you're not yet in our THANKS file, please send me
(hweiss at users.sourceforge.net) your real name if I may add it :-)

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1813346&group_id=29880