[Pkg-nagios-devel] Bug#982847: Bug#982847: monitoring-plugins-standard: check_pgsql check of database name is too strict

Jan Wagner waja at cyconet.org
Mon Feb 15 14:23:53 GMT 2021 

forwarded 982847 https://github.com/monitoring-plugins/monitoring-plugins/issues/1660
forwarded 982847 https://github.com/monitoring-plugins/monitoring-plugins/issues/1661
thanks

Hi Florian,

thanks for bringing this to our attention.

Am 15.02.21 um 11:16 schrieb Florian Lohoff:
> diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
> index 11ce691..88cd029 100644
> --- a/plugins/check_pgsql.c
> +++ b/plugins/check_pgsql.c
> @@ -69,7 +69,6 @@ int process_arguments (int, char **);
>  int validate_arguments (void);
>  void print_usage (void);
>  void print_help (void);
> -int is_pg_dbname (char *);
>  int is_pg_logname (char *);
>  int do_query (PGconn *, char *);
>  
> @@ -344,11 +343,7 @@ process_arguments (int argc, char **argv)
>  				pgport = optarg;
>  			break;
>  		case 'd':     /* database name */
> -			if (!is_pg_dbname (optarg)) /* checks length and valid chars */
> -				usage2 (_("Database name is not valid"), optarg);
> -			else /* we know length, and know optarg is terminated, so us strcpy */
> -				strcpy (dbName, optarg);
> -			break;
> +			strcpy (dbName, optarg);
>  		case 'l':     /* login name */
>  			if (!is_pg_logname (optarg))
>  				usage2 (_("User name is not valid"), optarg);
> @@ -408,45 +403,6 @@ validate_arguments ()
>  	return OK;
>  }

are you sure it's a good idea to remove the break?

> @@ -344,11 +343,7 @@ process_arguments (int argc, char **argv)
>                                pgport = optarg;
>                         break;
>                 case 'd':     /* database name */
> -                       if (!is_pg_dbname (optarg)) /* checks length and valid chars */
> -                               usage2 (_("Database name is not valid"), optarg);
> -                       else /* we know length, and know optarg is terminated, so us strcpy */
> -                               strcpy (dbName, optarg);
> -                       break;
> +                       snprintf(dbName, NAMEDATALEN, "%s", optarg);
>                 case 'l':     /* login name */
>                         if (!is_pg_logname (optarg))
>                                 usage2 (_("User name is not valid"), optarg);

same here.

Many thanks, Jan.

More information about the Pkg-nagios-devel mailing list