diff options
| author | Spenser Reinhardt <sreinhardt@nagios.com> | 2014-06-22 20:34:25 (GMT) |
|---|---|---|
| committer | Jan Wagner <waja@cyconet.org> | 2014-06-28 16:21:26 (GMT) |
| commit | 5866cb0a09876d6b2a84006bda8aa9de7ea467fd (patch) | |
| tree | 5e188731874aa5ff73e8eb88e27c56028e3afa46 | |
| parent | a04df3e1b67dc5eab3adc202cc89901f801cdeaa (diff) | |
| download | monitoring-plugins-5866cb0.tar.gz | |
plugins/check_http.c - leakage fix
Coverity 66514 - Possible leakage and overflow with addr in redirect functionality. Not confirmed as null terminated, and externally gathered. Restrict string comparisons and duplications by size. - SR
| -rw-r--r-- | plugins/check_http.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index 92861d9..5167997 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
| @@ -1243,6 +1243,7 @@ redir (char *pos, char *status_line) | |||
| 1243 | if (addr == NULL) | 1243 | if (addr == NULL) |
| 1244 | die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n")); | 1244 | die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n")); |
| 1245 | 1245 | ||
| 1246 | memset(addr, 0, MAX_IPV4_HOSTLENGTH); | ||
| 1246 | url = malloc (strcspn (pos, "\r\n")); | 1247 | url = malloc (strcspn (pos, "\r\n")); |
| 1247 | if (url == NULL) | 1248 | if (url == NULL) |
| 1248 | die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n")); | 1249 | die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n")); |
| @@ -1333,8 +1334,8 @@ redir (char *pos, char *status_line) | |||
| 1333 | max_depth, type, addr, i, url, (display_html ? "</A>" : "")); | 1334 | max_depth, type, addr, i, url, (display_html ? "</A>" : "")); |
| 1334 | 1335 | ||
| 1335 | if (server_port==i && | 1336 | if (server_port==i && |
| 1336 | !strcmp(server_address, addr) && | 1337 | !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) && |
| 1337 | (host_name && !strcmp(host_name, addr)) && | 1338 | (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) && |
| 1338 | !strcmp(server_url, url)) | 1339 | !strcmp(server_url, url)) |
| 1339 | die (STATE_WARNING, | 1340 | die (STATE_WARNING, |
| 1340 | _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), | 1341 | _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), |
| @@ -1343,11 +1344,11 @@ redir (char *pos, char *status_line) | |||
| 1343 | strcpy (server_type, type); | 1344 | strcpy (server_type, type); |
| 1344 | 1345 | ||
| 1345 | free (host_name); | 1346 | free (host_name); |
| 1346 | host_name = strdup (addr); | 1347 | host_name = strndup (addr, MAX_IPV4_HOSTLENGTH); |
| 1347 | 1348 | ||
| 1348 | if (!(followsticky & STICKY_HOST)) { | 1349 | if (!(followsticky & STICKY_HOST)) { |
| 1349 | free (server_address); | 1350 | free (server_address); |
| 1350 | server_address = strdup (addr); | 1351 | server_address = strndup (addr, MAX_IPV4_HOSTLENGTH); |
| 1351 | } | 1352 | } |
| 1352 | if (!(followsticky & STICKY_PORT)) { | 1353 | if (!(followsticky & STICKY_PORT)) { |
| 1353 | server_port = i; | 1354 | server_port = i; |
| @@ -1366,6 +1367,7 @@ redir (char *pos, char *status_line) | |||
| 1366 | printf (_("Redirection to %s://%s:%d%s\n"), server_type, | 1367 | printf (_("Redirection to %s://%s:%d%s\n"), server_type, |
| 1367 | host_name ? host_name : server_address, server_port, server_url); | 1368 | host_name ? host_name : server_address, server_port, server_url); |
| 1368 | 1369 | ||
| 1370 | free(addr); | ||
| 1369 | check_http (); | 1371 | check_http (); |
| 1370 | } | 1372 | } |
| 1371 | 1373 | ||