[pkg-nagios-changes] [Git][nagios-team/monitoring-plugins][master] 3 commits: Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
Jan Wagner (@waja)
gitlab at salsa.debian.org
Thu Mar 30 09:42:41 BST 2023
Jan Wagner pushed to branch master at Debian Nagios Maintainer Group / monitoring-plugins
Commits:
6fb8e25e by Jan Wagner at 2023-03-24T19:10:07+00:00
Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream
- - - - -
eab1e1d4 by Jan Wagner at 2023-03-24T19:11:41+00:00
Adding d/p/15_check_swap_remove_includes from upstream
- - - - -
3ede3478 by Jan Wagner at 2023-03-30T08:36:08+00:00
Adding d/p/16_check_snmp_disable_multiplier_when_unused from upstream
- - - - -
4 changed files:
- + debian/patches/14_check_curl_fix_SSL_with_multiple_IPs
- + debian/patches/15_check_swap_remove_includes
- + debian/patches/16_check_snmp_disable_multiplier_when_unused
- debian/patches/series
Changes:
=====================================
debian/patches/14_check_curl_fix_SSL_with_multiple_IPs
=====================================
@@ -0,0 +1,211 @@
+From 03f86b5d0809967855fbaafb4d600dc5b82081fa Mon Sep 17 00:00:00 2001
+From: Andreas Baumann <mail at andreasbaumann.cc>
+Date: Tue, 7 Mar 2023 19:51:33 +0100
+Subject: [PATCH 1/4] check_curl: in SSL host caching mode try to connect and
+ bind and take the first getaddrinfo result which succeeds
+
+---
+ plugins/check_curl.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/plugins/check_curl.c b/plugins/check_curl.c
+index c37d45d91..e1bc98dc9 100644
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -386,6 +386,7 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ struct addrinfo hints, *res, *result;
+ int errcode;
+ void *ptr;
++ int s;
+
+ memset (&hints, 0, sizeof (hints));
+ hints.ai_family = address_family;
+@@ -399,19 +400,26 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ res = result;
+
+ while (res) {
+- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+- switch (res->ai_family) {
+- case AF_INET:
+- ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
++ inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
++ switch (res->ai_family) {
++ case AF_INET:
++ ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
++ break;
++ case AF_INET6:
++ ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+ break;
+- case AF_INET6:
+- ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+- break;
+ }
++
+ inet_ntop (res->ai_family, ptr, buf, buflen);
+ if (verbose >= 1)
+ printf ("* getaddrinfo IPv%d address: %s\n",
+ res->ai_family == PF_INET6 ? 6 : 4, buf);
++
++ if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1)
++ continue;
++ if (bind (s, res->ai_addr, res->ai_addrlen == 0) )
++ break;
++
+ res = res->ai_next;
+ }
+
+
+From 2902381c5de01f69d61569b0c8dae6a92e2b9843 Mon Sep 17 00:00:00 2001
+From: Barak Shohat <barak at bazzisoft.com>
+Date: Wed, 8 Mar 2023 11:56:43 +0200
+Subject: [PATCH 2/4] check_curl.c: Include all IPs from getaddrinfo() in curl
+ DNS cache
+
+---
+ plugins/check_curl.c | 39 ++++++++++++++++++++++++++-------------
+ 1 file changed, 26 insertions(+), 13 deletions(-)
+
+diff --git a/plugins/check_curl.c b/plugins/check_curl.c
+index e1bc98dc9..512fb88a6 100644
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -384,9 +384,12 @@ int
+ lookup_host (const char *host, char *buf, size_t buflen)
+ {
+ struct addrinfo hints, *res, *result;
++ char addrstr[100];
++ size_t addrstr_len;
+ int errcode;
+ void *ptr;
+ int s;
++ size_t buflen_remaining = buflen - 1;
+
+ memset (&hints, 0, sizeof (hints));
+ hints.ai_family = address_family;
+@@ -396,33 +399,40 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ errcode = getaddrinfo (host, NULL, &hints, &result);
+ if (errcode != 0)
+ return errcode;
+-
++
++ strcpy(buf, "");
+ res = result;
+
+ while (res) {
+- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+ switch (res->ai_family) {
+ case AF_INET:
+ ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+ break;
+ case AF_INET6:
+ ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+- break;
++ break;
+ }
+
+- inet_ntop (res->ai_family, ptr, buf, buflen);
+- if (verbose >= 1)
++ inet_ntop (res->ai_family, ptr, addrstr, 100);
++ if (verbose >= 1) {
+ printf ("* getaddrinfo IPv%d address: %s\n",
+- res->ai_family == PF_INET6 ? 6 : 4, buf);
++ res->ai_family == PF_INET6 ? 6 : 4, addrstr);
++ }
+
+- if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1)
+- continue;
+- if (bind (s, res->ai_addr, res->ai_addrlen == 0) )
+- break;
++ // Append all IPs to buf as a comma-separated string
++ addrstr_len = strlen(addrstr);
++ if (buflen_remaining > addrstr_len + 1) {
++ if (buf[0] != NULL) {
++ strncat(buf, ",", 1);
++ buflen_remaining -= 1;
++ }
++ strncat(buf, addrstr, buflen_remaining);
++ buflen_remaining -= addrstr_len;
++ }
+
+ res = res->ai_next;
+ }
+-
++
+ freeaddrinfo(result);
+
+ return 0;
+@@ -453,7 +463,7 @@ check_http (void)
+ int i;
+ char *force_host_header = NULL;
+ struct curl_slist *host = NULL;
+- char addrstr[100];
++ char addrstr[DEFAULT_BUFFER_SIZE/2];
+ char dnscache[DEFAULT_BUFFER_SIZE];
+
+ /* initialize curl */
+@@ -505,7 +515,7 @@ check_http (void)
+
+ // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
+ if(use_ssl && host_name != NULL) {
+- if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
++ if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
+ snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
+ server_address, res, gai_strerror (res));
+ die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+@@ -800,6 +810,9 @@ check_http (void)
+ /* free header and server IP resolve lists, we don't need it anymore */
+ curl_slist_free_all (header_list); header_list = NULL;
+ curl_slist_free_all (server_ips); server_ips = NULL;
++ if (host) {
++ curl_slist_free_all (host); host = NULL;
++ }
+
+ /* Curl errors, result in critical Nagios state */
+ if (res != CURLE_OK) {
+
+From fc927e98db73850e760f490117ed36f2de20270c Mon Sep 17 00:00:00 2001
+From: Andreas Baumann <mail at andreasbaumann.cc>
+Date: Wed, 8 Mar 2023 16:10:45 +0100
+Subject: [PATCH 3/4] fixed a wrong compare and a wrong size in strncat
+
+---
+ plugins/check_curl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/check_curl.c b/plugins/check_curl.c
+index 512fb88a6..cc17ef58a 100644
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -422,8 +422,8 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ // Append all IPs to buf as a comma-separated string
+ addrstr_len = strlen(addrstr);
+ if (buflen_remaining > addrstr_len + 1) {
+- if (buf[0] != NULL) {
+- strncat(buf, ",", 1);
++ if (buf[0] != '\0') {
++ strncat(buf, ",", buflen_remaining);
+ buflen_remaining -= 1;
+ }
+ strncat(buf, addrstr, buflen_remaining);
+
+From ea53555f2d6254da5fec0c1061899a01dd5321ec Mon Sep 17 00:00:00 2001
+From: Andreas Baumann <mail at andreasbaumann.cc>
+Date: Sat, 11 Mar 2023 11:40:00 +0100
+Subject: [PATCH 4/4] check_curl: removed a superflous variable
+
+---
+ plugins/check_curl.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/plugins/check_curl.c b/plugins/check_curl.c
+index cc17ef58a..e5be1ad56 100644
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -388,7 +388,6 @@ lookup_host (const char *host, char *buf, size_t buflen)
+ size_t addrstr_len;
+ int errcode;
+ void *ptr;
+- int s;
+ size_t buflen_remaining = buflen - 1;
+
+ memset (&hints, 0, sizeof (hints));
=====================================
debian/patches/15_check_swap_remove_includes
=====================================
@@ -0,0 +1,23 @@
+From 8a8ee58e8925019b7532e7d14ebe488bb21fb3e6 Mon Sep 17 00:00:00 2001
+From: RincewindsHat <12514511+RincewindsHat at users.noreply.github.com>
+Date: Thu, 16 Mar 2023 15:26:52 +0100
+Subject: [PATCH] check_swap: Remove unnecessary and problematic includes
+
+---
+ plugins/check_swap.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/plugins/check_swap.c b/plugins/check_swap.c
+index a607da1e9..25d5f21d0 100644
+--- a/plugins/check_swap.c
++++ b/plugins/check_swap.c
+@@ -34,9 +34,6 @@ const char *email = "devel at monitoring-plugins.org";
+ #include "common.h"
+ #include "popen.h"
+ #include "utils.h"
+-#include <string.h>
+-#include <math.h>
+-#include <libintl.h>
+
+ #ifdef HAVE_DECL_SWAPCTL
+ # ifdef HAVE_SYS_PARAM_H
=====================================
debian/patches/16_check_snmp_disable_multiplier_when_unused
=====================================
@@ -0,0 +1,90 @@
+From c874f950e8e5b6a805d8adf759d521501b22c7ce Mon Sep 17 00:00:00 2001
+From: Sven Nierlein <Sven.Nierlein at consol.de>
+Date: Wed, 15 Mar 2023 09:51:18 +0100
+Subject: [PATCH 1/2] check_snmp: disable multiplier when unused
+
+ - if no multiplier is set, simply return the given string. Otherwise we would strip off the unit.
+ - if used, allocate new space to hold the result which might be larger than the initial input
+
+Signed-off-by: Sven Nierlein <sven at consol.de>
+---
+ plugins/check_snmp.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
+index d3968a27d..c4ddd0edd 100644
+--- a/plugins/check_snmp.c
++++ b/plugins/check_snmp.c
+@@ -46,6 +46,7 @@ const char *email = "devel at monitoring-plugins.org";
+ #define DEFAULT_PRIV_PROTOCOL "DES"
+ #define DEFAULT_DELIMITER "="
+ #define DEFAULT_OUTPUT_DELIMITER " "
++#define DEFAULT_BUFFER_SIZE 100
+
+ #define mark(a) ((a)!=0?"*":"")
+
+@@ -157,6 +158,7 @@ int perf_labels = 1;
+ char* ip_version = "";
+ double multiplier = 1.0;
+ char *fmtstr = "";
++char buffer[DEFAULT_BUFFER_SIZE];
+
+ static char *fix_snmp_range(char *th)
+ {
+@@ -1169,6 +1171,9 @@ multiply (char *str)
+ double val;
+ char *conv = "%f";
+
++ if(multiplier == 1)
++ return(str);
++
+ if(verbose>2)
+ printf(" multiply input: %s\n", str);
+
+@@ -1187,15 +1192,15 @@ multiply (char *str)
+ conv = fmtstr;
+ }
+ if (val == (int)val) {
+- sprintf(str, "%.0f", val);
++ snprintf(buffer, DEFAULT_BUFFER_SIZE, "%.0f", val);
+ } else {
+ if(verbose>2)
+ printf(" multiply using format: %s\n", conv);
+- sprintf(str, conv, val);
++ snprintf(buffer, DEFAULT_BUFFER_SIZE, conv, val);
+ }
+ if(verbose>2)
+- printf(" multiply result: %s\n", str);
+- return str;
++ printf(" multiply result: %s\n", buffer);
++ return buffer;
+ }
+
+
+
+From 6e64973a4486248ff6c3de7d72637e44b6474c3e Mon Sep 17 00:00:00 2001
+From: Sven Nierlein <sven at consol.de>
+Date: Mon, 27 Mar 2023 12:59:53 +0200
+Subject: [PATCH 2/2] simplify code
+
+if statement is always true at this point, so remove it.
+---
+ plugins/check_snmp.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
+index c4ddd0edd..aefda3d29 100644
+--- a/plugins/check_snmp.c
++++ b/plugins/check_snmp.c
+@@ -1179,10 +1179,7 @@ multiply (char *str)
+
+ val = strtod (str, &endptr);
+ if ((val == 0.0) && (endptr == str)) {
+- if(multiplier != 1) {
+- die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str);
+- }
+- return str;
++ die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str);
+ }
+
+ if(verbose>2)
=====================================
debian/patches/series
=====================================
@@ -5,3 +5,6 @@
11_fallback_for_gnutls
12_check_curl_improvements
13_check_icmp_improvements
+14_check_curl_fix_SSL_with_multiple_IPs
+15_check_swap_remove_includes
+16_check_snmp_disable_multiplier_when_unused
View it on GitLab: https://salsa.debian.org/nagios-team/monitoring-plugins/-/compare/aa5586d163eedf2f67983c7bba0d11fb8f556c39...3ede3478c55963e8a03433856ddf0b4476be1ee7
--
View it on GitLab: https://salsa.debian.org/nagios-team/monitoring-plugins/-/compare/aa5586d163eedf2f67983c7bba0d11fb8f556c39...3ede3478c55963e8a03433856ddf0b4476be1ee7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nagios-changes/attachments/20230330/14c2c0e0/attachment-0001.htm>
More information about the pkg-nagios-changes
mailing list