<feed xmlns='http://www.w3.org/2005/Atom'>
<title>monitoring-plugins/plugins/check_ssh.c, branch 3.0.0-rc3</title>
<subtitle>Monitoring Plugins
</subtitle>
<id>https://www.monitoring-plugins.org/repositories/monitoring-plugins/atom?h=3.0.0-rc3</id>
<link rel='self' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/atom?h=3.0.0-rc3'/>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/'/>
<updated>2026-02-06T11:59:58Z</updated>
<entry>
<title>Make IPv6 unconditional (#2219)</title>
<updated>2026-02-06T11:59:58Z</updated>
<author>
<name>Lorenz Kästle</name>
<email>12514511+RincewindsHat@users.noreply.github.com</email>
</author>
<published>2026-02-06T11:59:58Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=0f0865c910096c95594ac09929708e84934e46df'/>
<id>urn:sha1:0f0865c910096c95594ac09929708e84934e46df</id>
<content type='text'>
This commit removes the detection of IPv6 availability.
The IPv6 code in the plugins is used unconditionally now.</content>
</entry>
<entry>
<title>OpenBSD: pledge(2) some network-facing checks (#2225)</title>
<updated>2026-02-06T11:58:38Z</updated>
<author>
<name>Alvar</name>
<email>post@0x21.biz</email>
</author>
<published>2026-02-06T11:58:38Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=cef40299a93233f043f5b0821a9ad2c69dd612f7'/>
<id>urn:sha1:cef40299a93233f043f5b0821a9ad2c69dd612f7</id>
<content type='text'>
OpenBSD's pledge(2) system call allows the current process to
self-restrict itself, being reduced to promised pledges. For example,
unless a process says it wants to write to files, it is not allowed to
do so any longer.

This change starts by calling pledge(2) in some network-facing checks,
removing the more dangerous privileges, such as executing other files.

My initial motivation came from check_icmp, being installed as a setuid
binary and (temporarily) running with root privileges. There, the
pledge(2) calls result in check_icmp only being allowed to interact
with the network and to setuid(2) to the calling user later on.

Afterwards, I went through my most commonly used monitoring plugins
directly interacting with the network. Thus, I continued with
pledge(2)-ing check_curl - having a huge codebase and all -,
check_ntp_time, check_smtp, check_ssh, and check_tcp.

For most of those, the changes were quite similar: start with
network-friendly promises, parse the configuration, give up file access,
and proceed with the actual check.</content>
</entry>
<entry>
<title>clang-format</title>
<updated>2025-08-01T12:35:23Z</updated>
<author>
<name>Lorenz Kästle</name>
<email>12514511+RincewindsHat@users.noreply.github.com</email>
</author>
<published>2025-08-01T12:35:23Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=2757550558d509aa5c95d8834ee76d803e110161'/>
<id>urn:sha1:2757550558d509aa5c95d8834ee76d803e110161</id>
<content type='text'>
</content>
</entry>
<entry>
<title>check_ssh: Put variable in the correct scope</title>
<updated>2025-08-01T12:35:13Z</updated>
<author>
<name>Lorenz Kästle</name>
<email>12514511+RincewindsHat@users.noreply.github.com</email>
</author>
<published>2025-08-01T12:35:13Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=a69dff15222ad43c56f0142e20d97ee51c2e6697'/>
<id>urn:sha1:a69dff15222ad43c56f0142e20d97ee51c2e6697</id>
<content type='text'>
</content>
</entry>
<entry>
<title>check_ssh: Fix format expression</title>
<updated>2025-08-01T12:34:29Z</updated>
<author>
<name>Lorenz Kästle</name>
<email>12514511+RincewindsHat@users.noreply.github.com</email>
</author>
<published>2025-08-01T12:34:29Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=3c53bf623d89650ac450be2518d17276a29247cc'/>
<id>urn:sha1:3c53bf623d89650ac450be2518d17276a29247cc</id>
<content type='text'>
</content>
</entry>
<entry>
<title>check_ssh: fix data type to allow for error checking</title>
<updated>2025-08-01T12:34:01Z</updated>
<author>
<name>Lorenz Kästle</name>
<email>12514511+RincewindsHat@users.noreply.github.com</email>
</author>
<published>2025-08-01T12:34:01Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=69925c782bf70d267ea14a57d46b5390f5555b8f'/>
<id>urn:sha1:69925c782bf70d267ea14a57d46b5390f5555b8f</id>
<content type='text'>
</content>
</entry>
<entry>
<title>check_ssh: Correct type on len variable</title>
<updated>2025-07-11T23:44:03Z</updated>
<author>
<name>Richard Laager</name>
<email>rlaager@wiktel.com</email>
</author>
<published>2025-07-11T23:38:42Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=1f2acfd1c6577db6e3d385614922e32ac9fad03f'/>
<id>urn:sha1:1f2acfd1c6577db6e3d385614922e32ac9fad03f</id>
<content type='text'>
strlen() returns a size_t.

Signed-off-by: Richard Laager &lt;rlaager@wiktel.com&gt;
</content>
</entry>
<entry>
<title>check_ssh: Fix buffer overflow</title>
<updated>2025-07-11T23:43:59Z</updated>
<author>
<name>Richard Laager</name>
<email>rlaager@wiktel.com</email>
</author>
<published>2025-07-11T23:19:31Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=661ecff45c5f4c41c22ef9fd4fe308100b97d6bf'/>
<id>urn:sha1:661ecff45c5f4c41c22ef9fd4fe308100b97d6bf</id>
<content type='text'>
A buffer overflow was occurring when the server responded with:
Exceeded MaxStartups\r\n

glibc would then abort() with the following output:
*** buffer overflow detected ***: terminated

It was the memset() that was overflowing the buffer.  But the memmove()
needed fixing too.

First off, there was an off-by-one error in both the memmove() and
memset().  byte_offset was already set to the start of the data _past_
the newline (i.e. len + 1).  For the memmove(), incrementing that by 1
again lost the first character of the additional output.  For the
memset(), this causes a buffer overflow.

Second, the memset() has multiple issues.  The comment claims that it
was NULing (sic "null") the "rest".  However, it has no idea how long
the "rest" is, at this point.  It was NULing BUFF_SZ - byte_offset + 1.
After fixing the off-by-one / buffer overflow, it would be NULing
BUFF_SZ - byte_offset.  But that doesn't make any sense.  The length of
the first line has no relation to the length of the second line.

For a quick-and-dirty test, add something like this just inside the
while loop:
memcpy(output,
  "Exceeded MaxStartups\r\nnext blah1 blah2 blah3 blah4\0",
  sizeof("Exceeded MaxStartups\r\nnext blah1 blah2 blah3 blah4\0"));

And, after the memmove(), add:
  printf("output='%s'\n", output);

If you fix the memset() buffer overflow, it will output:
output='ext blah1 blah2 blah3 '

As you can see, the first character is lost.

If you then fix the memmove(), it will output:
output='next blah1 blah2 blah3'

Note that this is still losing the "blah4".

After moving the memset() after byte_offset is set to the new strlen()
of output, then it works correctly:
output='next blah1 blah2 blah3 blah4'

Signed-off-by: Richard Laager &lt;rlaager@wiktel.com&gt;
</content>
</entry>
<entry>
<title>Transform output format to a global state</title>
<updated>2025-03-07T22:38:50Z</updated>
<author>
<name>Lorenz Kästle</name>
<email>12514511+RincewindsHat@users.noreply.github.com</email>
</author>
<published>2025-02-25T16:20:05Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=72fd885f4ff423d5351e3387867f2415f1ffc2d8'/>
<id>urn:sha1:72fd885f4ff423d5351e3387867f2415f1ffc2d8</id>
<content type='text'>
This commit removes the format parameter from the mp_check
object and creates a module global variable instead.
This prevents thread safe usage of different mp_check objects
which should likely not present a big problem for now.
The reason for this change is effectively the very same,
the format was lost if an exit was triggered by a signal
handler (timeout in this example).
</content>
</entry>
<entry>
<title>check_ssh.c: clang-format</title>
<updated>2025-03-07T22:38:50Z</updated>
<author>
<name>Lorenz Kästle</name>
<email>12514511+RincewindsHat@users.noreply.github.com</email>
</author>
<published>2025-02-25T12:03:27Z</published>
<link rel='alternate' type='text/html' href='https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=2e9f9ebf7d477956c5cc1779c0fa9c89352d7ab7'/>
<id>urn:sha1:2e9f9ebf7d477956c5cc1779c0fa9c89352d7ab7</id>
<content type='text'>
</content>
</entry>
</feed>
