diff options
| author | Anton Lofgren <alofgren@op5.com> | 2014-05-15 12:48:26 (GMT) |
|---|---|---|
| committer | Lorenz Kästle <lorenz.kaestle@netways.de> | 2022-01-14 14:34:12 (GMT) |
| commit | ecf3f468905dc2b8e8470eb5288ce8b9f845c26f (patch) | |
| tree | 292016afc6114a6aed2a6334059b07f8961a4ebb /plugins/check_ssh.c | |
| parent | 4433c7554337b6bc54a3dc548b75746f9dbc2d86 (diff) | |
| download | monitoring-plugins-ecf3f468905dc2b8e8470eb5288ce8b9f845c26f.tar.gz | |
check_ssh: Handle non-alpha software versions
This patch fixes a bug where we would reject version control strings
that do not contain letters, because the assumption is made that they
always do. This is not required by the RFC however, and there exist
implementations that do not contain letters.
I've also added a few references to the RFC to make the process of
parsing the control string more apparent.
This fixes op5#8716 (https://bugs.op5.com/view.php?id=8716)
Signed-off-by: Anton Lofgren <alofgren@op5.com>
Diffstat (limited to 'plugins/check_ssh.c')
| -rw-r--r-- | plugins/check_ssh.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c index 8a3abb0..b4bfab4 100644 --- a/plugins/check_ssh.c +++ b/plugins/check_ssh.c | |||
| @@ -278,11 +278,35 @@ ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol | |||
| 278 | printf("SSH CRITICAL - No version control string received"); | 278 | printf("SSH CRITICAL - No version control string received"); |
| 279 | exit(STATE_CRITICAL); | 279 | exit(STATE_CRITICAL); |
| 280 | } | 280 | } |
| 281 | /* | ||
| 282 | * "When the connection has been established, both sides MUST send an | ||
| 283 | * identification string. This identification string MUST be | ||
| 284 | * | ||
| 285 | * SSH-protoversion-softwareversion SP comments CR LF" | ||
| 286 | * - RFC 4253:4.2 | ||
| 287 | */ | ||
| 281 | strip (version_control_string); | 288 | strip (version_control_string); |
| 282 | if (verbose) | 289 | if (verbose) |
| 283 | printf ("%s\n", version_control_string); | 290 | printf ("%s\n", version_control_string); |
| 284 | ssh_proto = version_control_string + 4; | 291 | ssh_proto = version_control_string + 4; |
| 285 | ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789."); | 292 | |
| 293 | /* | ||
| 294 | * We assume the protoversion is of the form Major.Minor, although | ||
| 295 | * this is not _strictly_ required. See | ||
| 296 | * | ||
| 297 | * "Both the 'protoversion' and 'softwareversion' strings MUST consist of | ||
| 298 | * printable US-ASCII characters, with the exception of whitespace | ||
| 299 | * characters and the minus sign (-)" | ||
| 300 | * - RFC 4253:4.2 | ||
| 301 | * and, | ||
| 302 | * | ||
| 303 | * "As stated earlier, the 'protoversion' specified for this protocol is | ||
| 304 | * "2.0". Earlier versions of this protocol have not been formally | ||
| 305 | * documented, but it is widely known that they use 'protoversion' of | ||
| 306 | * "1.x" (e.g., "1.5" or "1.3")." | ||
| 307 | * - RFC 4253:5 | ||
| 308 | */ | ||
| 309 | ssh_server = ssh_proto + strspn (ssh_proto, "0123456789.") + 1; /* (+1 for the '-' separating protoversion from softwareversion) */ | ||
| 286 | 310 | ||
| 287 | /* If there's a space in the version string, whatever's after the space is a comment | 311 | /* If there's a space in the version string, whatever's after the space is a comment |
| 288 | * (which is NOT part of the server name/version)*/ | 312 | * (which is NOT part of the server name/version)*/ |