From db2983da7e8175ca3928998d4547acdf75d55dc0 Mon Sep 17 00:00:00 2001 From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> Date: Fri, 28 Nov 2025 12:21:08 +0100 Subject: Fix/check curl sticky redir (#2188) * check_curl: avoid freeing memory when we don't know where it came from * check_curl: when using -f sticky conserve IPv6 addresses properly When running the check on an ipv6 address with a sticky onredirect policy like in this example: check_curl -6 -H example.com -I ::1 -f sticky It results in a getaddrinfo error: HTTP CRITICAL - Unable to lookup IP address for '[::1]': getaddrinfo returned -3 - Temporary failure in name resolution This happens because in check_http() if the content of server_addr is an ipv6 address enclosing brackets are added and on redirection a subsequent call to check_http() will pass this now bracketed value to getaddrinfo resulting in the error. To work around this, strip the brackets from the address prior to the lookup_host() call. * add Michael Jeanson to thanks --- plugins/check_curl.c | 10 +++------- plugins/check_curl.d/check_curl_helpers.c | 14 +++++++++++++- plugins/check_curl.d/check_curl_helpers.h | 4 ++++ 3 files changed, 20 insertions(+), 8 deletions(-) (limited to 'plugins') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index ba856a11..e3e514ff 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -68,10 +68,6 @@ const char *email = "devel@monitoring-plugins.org"; #include -enum { - MAX_IPV4_HOSTLENGTH = 255, -}; - enum { REGS = 2, }; @@ -789,21 +785,21 @@ redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config /* set new values for redirected request */ if (!(config.followsticky & STICKY_HOST)) { - free(working_state.server_address); + // free(working_state.server_address); working_state.server_address = strndup(new_host, MAX_IPV4_HOSTLENGTH); } if (!(config.followsticky & STICKY_PORT)) { working_state.serverPort = (unsigned short)new_port; } - free(working_state.host_name); + // free(working_state.host_name); working_state.host_name = strndup(new_host, MAX_IPV4_HOSTLENGTH); /* reset virtual port */ working_state.virtualPort = working_state.serverPort; free(new_host); - free(working_state.server_url); + // free(working_state.server_url); working_state.server_url = new_url; uriFreeUriMembersA(&uri); diff --git a/plugins/check_curl.d/check_curl_helpers.c b/plugins/check_curl.d/check_curl_helpers.c index d49d8f07..e4e7bef6 100644 --- a/plugins/check_curl.d/check_curl_helpers.c +++ b/plugins/check_curl.d/check_curl_helpers.c @@ -128,8 +128,20 @@ check_curl_configure_curl(const check_curl_static_curl_config config, char dnscache[DEFAULT_BUFFER_SIZE]; char addrstr[DEFAULT_BUFFER_SIZE / 2]; if (working_state.use_ssl && working_state.host_name != NULL) { + char *tmp_mod_address; + + /* lookup_host() requires an IPv6 address without the brackets. */ + if ((strnlen(working_state.server_address, MAX_IPV4_HOSTLENGTH) > 2) && + (working_state.server_address[0] == '[')) { + // Duplicate and strip the leading '[' + tmp_mod_address = + strndup(working_state.server_address + 1, strlen(working_state.server_address) - 2); + } else { + tmp_mod_address = working_state.server_address; + } + int res; - if ((res = lookup_host(working_state.server_address, addrstr, DEFAULT_BUFFER_SIZE / 2, + if ((res = lookup_host(tmp_mod_address, addrstr, DEFAULT_BUFFER_SIZE / 2, config.sin_family)) != 0) { die(STATE_CRITICAL, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), diff --git a/plugins/check_curl.d/check_curl_helpers.h b/plugins/check_curl.d/check_curl_helpers.h index 87e45a9d..e7b80f7e 100644 --- a/plugins/check_curl.d/check_curl_helpers.h +++ b/plugins/check_curl.d/check_curl_helpers.h @@ -7,6 +7,10 @@ # include #endif +enum { + MAX_IPV4_HOSTLENGTH = 255, +}; + /* for buffers for header and body */ typedef struct { size_t buflen; -- cgit v1.2.3-74-g34f1