[pkg-nagios-changes] [Git][nagios-team/pkg-nrpe][buster-backports] Add upstream patch to fix check_nrpe buffer length calculation.

Bas Couwenberg gitlab at salsa.debian.org
Thu Jan 23 05:02:34 GMT 2020 


Bas Couwenberg pushed to branch buster-backports at Debian Nagios Maintainer Group / pkg-nrpe


Commits:
f2184528 by Bas Couwenberg at 2020-01-23T05:53:04+01:00
Add upstream patch to fix check_nrpe buffer length calculation.

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/check_nrpe-buffer-length.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+nagios-nrpe (4.0.0-1~bpo10+2) buster-backports; urgency=medium
+
+  * Add upstream patch to fix check_nrpe buffer length calculation.
+
+ -- Bas Couwenberg <sebastic at debian.org>  Wed, 22 Jan 2020 20:36:49 +0100
+
 nagios-nrpe (4.0.0-1~bpo10+1) buster-backports; urgency=medium
 
   * Rebuild for buster-backports.


=====================================
debian/patches/check_nrpe-buffer-length.patch
=====================================
@@ -0,0 +1,56 @@
+Description: Fix buffer length calculation in check_nrpe.
+ - Buffer length was being calculated incorrectly when check_nrpe sends its
+   request.
+ - There was also a conditional that was missed when printing the final result,
+   which would cause a segfault once the buffer length issue was corrected.
+Author: Sebastian Wolf <swolf at nagios.com>
+Origin: https://github.com/NagiosEnterprises/nrpe/pull/225/commits/4529829e0048059dd0514f9cde95d7edaf3c07c8
+Bug: https://github.com/NagiosEnterprises/nrpe/issues/223
+
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -1,6 +1,11 @@
+ NRPE Changelog
+ ==============
+ 
++[4.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.1) - 2020-01-22
++---------------------------------------------------------------------------------------
++**FIXES**
++* Fixed syslog flooding with CRC-checking errors when both plugin and agent were updated to version 4 (Sebastian Wolf)
++
+ [4.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.0) - 2019-01-13
+ ---------------------------------------------------------------------------------------
+ Note: This update includes security fixes which affect both the check_nrpe plugin and 
+--- a/src/check_nrpe.c
++++ b/src/check_nrpe.c
+@@ -1230,7 +1230,9 @@ int send_request()
+ 		v3_send_packet->packet_version = htons(packet_ver);
+ 		v3_send_packet->packet_type = htons(QUERY_PACKET);
+ 		v3_send_packet->alignment = 0;
+-		v3_send_packet->buffer_length = htonl(pkt_size - sizeof(v3_packet) + 1);
++		v3_send_packet->buffer_length = pkt_size - sizeof(v3_packet);
++		v3_send_packet->buffer_length += (packet_ver == NRPE_PACKET_VERSION_4 ? NRPE_V4_PACKET_SIZE_OFFSET : NRPE_V3_PACKET_SIZE_OFFSET);
++		v3_send_packet->buffer_length = htonl(v3_send_packet->buffer_length);
+ 		strcpy(&v3_send_packet->buffer[0], query);
+ 
+ 		/* calculate the crc 32 value of the packet */
+@@ -1373,7 +1375,7 @@ int read_response()
+ 
+ 	/* get the return code from the remote plugin */
+ 	/* and print the output returned by the daemon */
+-	if (packet_ver == NRPE_PACKET_VERSION_3) {
++	if (packet_ver >= NRPE_PACKET_VERSION_3) {
+ 		result = ntohs(v3_receive_packet->result_code);
+ 		if (v3_receive_packet->buffer_length == 0) {
+ 			printf("CHECK_NRPE: No output returned from daemon.\n");
+@@ -1612,8 +1614,9 @@ int read_packet(int sock, void *ssl_ptr,
+ 				}
+ 			}
+ 			return -1;
+-		} else
++		} else {
+ 			tot_bytes += rc;
++		}
+ 	}
+ #endif
+ 


=====================================
debian/patches/series
=====================================
@@ -1,3 +1,4 @@
 02_nrpe.cfg_local-include_support_nrpe.d.patch
 07_warn_ssloption.patch
 11_reproducible_dh.h.patch
+check_nrpe-buffer-length.patch



View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nrpe/commit/f218452842acd9ad3812af2a8037ad8ef3b06f7b

-- 
View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nrpe/commit/f218452842acd9ad3812af2a8037ad8ef3b06f7b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nagios-changes/attachments/20200123/18e8c793/attachment-0001.html>

More information about the pkg-nagios-changes mailing list