[Pkg-nagios-devel] Bug#786492: nagios-nrpe-server: not all allowed_hosts are checked after dns failure

James Dingwall james.dingwall at zynstra.com
Fri May 22 09:23:53 UTC 2015 

Package: nagios-nrpe-server
Version: 2.13-3
Severity: normal
Tags: upstream

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?

allowed_hosts=good_dns1,bad_dns,good_dns2

nagios-nrpe-server rejected good_dns2 because the is_an_allowed_host() function
returns failure as soon as there is a DNS failure rather then processing all
items in the dns_acl list.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

re-ordering the allowed_hosts to have good_dns entries before bad was
a workaround.

   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***

This patch for acl.c fixes the observed problem by continuing
to iterate over the remaining items in the dns_acl list even
after a NULL value has been returned by gethostbyname()


--- nagios-nrpe-2.13/src/acl.c	2011-11-04 18:57:41.000000000 +0000
+++ nagios-nrpe-2.13.new/src/acl.c	2015-05-22 10:15:44.073569182 +0100
@@ -371,14 +371,13 @@
 
         while(dns_acl_curr != NULL) {
         he = gethostbyname(dns_acl_curr->domain);
-        if (he == NULL)
-                        return 0;
-
+        if (he != NULL) {
                 while (*he->h_addr_list) {
                         memmove((char *)&addr,*he->h_addr_list++, sizeof(addr));
                         if (addr.s_addr == host.s_addr)
                                 return 1;
                 }
+	}
                 dns_acl_curr = dns_acl_curr->next;
         }
         return 0;



-- System Information:
Debian Release: 7.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-untangle-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nagios-nrpe-server depends on:
ii  adduser      3.113+nmu3
ii  libc6        2.13-38+deb7u6
ii  libssl1.0.0  1.0.1e-2+deb7u13
ii  libwrap0     7.6.q-24
ii  lsb-base     4.1+Debian8+deb7u1

Versions of packages nagios-nrpe-server recommends:
ii  nagios-plugins        1.4.16-1
ii  nagios-plugins-basic  1.4.16-1

nagios-nrpe-server suggests no packages.

-- Configuration Files:
/etc/nagios/nrpe.cfg changed [not included]

-- no debconf information

More information about the Pkg-nagios-devel mailing list