[Nagios-devel] small bug in popen_timeout_alarm_handler() in popen.c
Posted: Thu Feb 16, 2006 2:27 pm
There is a small bug in popen_timeout_alarm_handler() in popen.c where
it assumes that the child_process variable actually exists, and I've
had it be NULL when the signal got sent, and had check_ping at least
core dump. It took me 2 days, but I found the bug and patched it
enough so it doesn't segfault anymore if the signal is sent. If
someone wants to go further into details about how I got this crash,
email me (on list, I'm subscribed), as it doesn't always happen, but I
think I found the situation where I can cause that signal to be sent
while child_process is NULL. But since accessing a pointer when it can
possibly be NULL is always bad, here's the patch that should go in
anyways:
Index: popen.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/popen.c,v
retrieving revision 1.13
diff -u -r1.13 popen.c
--- popen.c=0912 Sep 2005 10:31:28 -0000=091.13
+++ popen.c=0916 Feb 2006 22:08:38 -0000
@@ -270,9 +270,13 @@
{
=09int fh;
=09if (signo =3D=3D SIGALRM) {
-=09=09fh=3Dfileno (child_process);
-=09=09if(fh >=3D 0){
-=09=09=09kill (childpid[fh], SIGKILL);
+=09=09if(child_process !=3D NULL) {
+=09=09=09fh=3Dfileno (child_process);
+=09=09=09if(fh >=3D 0){
+=09=09=09=09kill (childpid[fh], SIGKILL);
+=09=09=09}
+=09=09} else {
+=09=09=09printf (_("CRITICAL - No child process?!\n"));
=09=09}
=09=09printf (_("CRITICAL - Plugin timed out after %d seconds\n"),
=09=09=09=09=09=09timeout_interval);
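Review bot: In the new else branch, the added printf of "CRITICAL - No child process?!" runs before the existing "CRITICAL - Plugin timed out after %d seconds" printf, so when child_process is NULL the handler emits two CRITICAL lines and the timeout message is no longer the first line of output. The NULL guard around fileno (child_process) is the actual fix; consider dropping the else branch or folding the condition into the one timeout message. The added call is also one more printf inside a SIGALRM handler, and printf is not async-signal-safe, so if the extra diagnostic stays, a write() of a fixed string is the safer form there. Separately, the guard covers only child_process, while kill (childpid[fh], SIGKILL) still indexes childpid with nothing but fh >= 0 checked; it is worth confirming that childpid is always allocated whenever child_process is non-NULL.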
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]