[Nagios-devel] Segfaults when NRPE is called with --no-ssl
Posted: Sat Apr 08, 2006 5:08 am
--vGgW1X5XWziG23Ko
Content-Type: multipart/mixed; boundary="5mCyUwZo2JvN/JJP"
Content-Disposition: inline
--5mCyUwZo2JvN/JJP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
hey ethan,
looks like there are some unconditional free()'s in nrpe that
act on uninitialized pointers if --no-ssl is used. a patch
was provided by the bug reporter, and is attached.
the original bugreport can be found at:
http://bugs.debian.org/361233
sean
--5mCyUwZo2JvN/JJP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="03_nrpe.c_invalid_free.dpatch"
Content-Transfer-Encoding: quoted-printable
#! /bin/sh /usr/share/dpatch/dpatch-run
## 03_nrpe.c_invalid_free.dpatch by
##
## DP: patch from Peter Palfrader to not call free()
## DP: on unitialized pointers when --no-ssl is used.
@DPATCH@
diff -urNad --exclude=3DCVS --exclude=3D.svn ./src/nrpe.c /home/sean/tmp/dp=
ep-work.xTqz8T/nagios-nrpe-2.5/src/nrpe.c
--- ./src/nrpe.c 2006-04-08 15:01:37.000000000 +0200
+++ /home/sean/tmp/dpep-work.xTqz8T/nagios-nrpe-2.5/src/nrpe.c 2006-04-08 1=
5:01:42.000000000 +0200
@@ -1017,9 +1017,11 @@
syslog(LOG_ERR,"Could not read request from client, bailing out...");
=20
#ifdef HAVE_SSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
- syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+ if (ssl) {
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+ syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+ }
#endif
=20
return;
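Review bot: The `if (ssl)` guard added here only protects this exit path if `ssl` is set to NULL where it is declared, which is outside the hunk. The cover mail calls the pointers uninitialized, and testing an indeterminate pointer is no safer than handing it to SSL_shutdown(). If the declaration does not already do so, it should read `SSL *ssl = NULL;`; the same dependency applies to the guards added in the hunks at -1032, -1062 and -1186. The guarded cleanup now appears four times, so a small static helper doing the NULL check, SSL_shutdown() and SSL_free() would keep the exit paths from diverging again. The enclosing function starts and ends outside the hunk.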
@@ -1032,8 +1034,10 @@
syslog(LOG_ERR,"Data packet from client was too short, bailing out...");
=20
#ifdef HAVE_SSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
+ if (ssl) {
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+ }
#endif
=20
return;
@@ -1062,8 +1066,10 @@
}
=20
#ifdef HAVE_SSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
+ if (ssl) {
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+ }
#endif
=20
return;
@@ -1186,8 +1192,10 @@
#endif
=20
#ifdef HAVE_SSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
+ if (ssl) {
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+ }
#endif
=20
/* log info to syslog facility */
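Review bot: Unlike the three earlier exit paths, this one does not return after `SSL_free(ssl)` but continues into the syslog code, so `ssl` is left dangling for the rest of the body. Adding `ssl = NULL;` inside the guard, directly after `SSL_free(ssl);`, would make any later `if (ssl)` test or second cleanup pass harmless. Whether the code below touches `ssl` again cannot be seen here, because the function continues past the end of the hunk.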
--5mCyUwZo2JvN/JJP--
--vGgW1X5XWziG23Ko
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEN7XUynjLPm522B0RAs7UAJwKA3JPVTuT0Kmzinv+ZCF0qc5NwACff7C5
4jrNAJXdQwD8dRnJ77npkg8=
=oxg6
-----END PGP SIGNATURE-----
--vGgW1X5XWziG23Ko--
Original poster: [email protected]
Content-Type: multipart/mixed; boundary="5mCyUwZo2JvN/JJP"
Content-Disposition: inline
--5mCyUwZo2JvN/JJP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
hey ethan,
looks like there are some unconditional free()'s in nrpe that
act on uninitialized pointers if --no-ssl is used. a patch
was provided by the bug reporter, and is attached.
the original bugreport can be found at:
http://bugs.debian.org/361233
sean
--5mCyUwZo2JvN/JJP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="03_nrpe.c_invalid_free.dpatch"
Content-Transfer-Encoding: quoted-printable
#! /bin/sh /usr/share/dpatch/dpatch-run
## 03_nrpe.c_invalid_free.dpatch by
##
## DP: patch from Peter Palfrader to not call free()
## DP: on unitialized pointers when --no-ssl is used.
@DPATCH@
diff -urNad --exclude=3DCVS --exclude=3D.svn ./src/nrpe.c /home/sean/tmp/dp=
ep-work.xTqz8T/nagios-nrpe-2.5/src/nrpe.c
--- ./src/nrpe.c 2006-04-08 15:01:37.000000000 +0200
+++ /home/sean/tmp/dpep-work.xTqz8T/nagios-nrpe-2.5/src/nrpe.c 2006-04-08 1=
5:01:42.000000000 +0200
@@ -1017,9 +1017,11 @@
syslog(LOG_ERR,"Could not read request from client, bailing out...");
=20
#ifdef HAVE_SSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
- syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+ if (ssl) {
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+ syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+ }
#endif
=20
return;
@@ -1032,8 +1034,10 @@
syslog(LOG_ERR,"Data packet from client was too short, bailing out...");
=20
#ifdef HAVE_SSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
+ if (ssl) {
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+ }
#endif
=20
return;
@@ -1062,8 +1066,10 @@
}
=20
#ifdef HAVE_SSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
+ if (ssl) {
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+ }
#endif
=20
return;
@@ -1186,8 +1192,10 @@
#endif
=20
#ifdef HAVE_SSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
+ if (ssl) {
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+ }
#endif
=20
/* log info to syslog facility */
--5mCyUwZo2JvN/JJP--
--vGgW1X5XWziG23Ko
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEN7XUynjLPm522B0RAs7UAJwKA3JPVTuT0Kmzinv+ZCF0qc5NwACff7C5
4jrNAJXdQwD8dRnJ77npkg8=
=oxg6
-----END PGP SIGNATURE-----
--vGgW1X5XWziG23Ko--
Original poster: [email protected]