check_http (2.2.1) segmentation fault
Posted: Tue Jun 19, 2018 2:36 pm
Howdy,
Today, I am sometimes seeing a segmentation fault on the current check_http plugin (2.2.1 via the EPEL RPM) against a particular host.
The issue is in decode_chunked_page()'s parsing logic, perhaps when it encounters extra whitespace (spaces, newlines, and tabs) at the top of the body (which is present in today's cached page that the plugin happens to be getting).
While this is temporary and can be fixed by regenerating the cache on the server side, this seems to expose some issue in the plugin's parsing of chunked content. I haven't delved deeply into the code (and haven't dealt with C in a while), but I've included a gdb backtrace showing the issue.
Headers output from a verbose non-segfaulting run:
-AJ
Code:
(gdb) run
Starting program: /usr/lib64/nagios/plugins/check_http -H www.berkeley.edu -S -v
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
SSL initialized
GET / HTTP/1.1
User-Agent: check_http/v2.2.1.git (nagios-plugins 2.2.1)
Connection: close
Host: www.berkeley.edu
Accept: */*
https://www.berkeley.edu:443/ is 49725 characters
STATUS: HTTP/1.1 200 OK
Program received signal SIGSEGV, Segmentation fault.
__memmove_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:1553
1553 movdqu 0x50(%rsi), %xmm5
(gdb) backtrace full
#0 __memmove_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:1553
No locals.
#1 0x0000555555557eba in memmove (__len=1143144, __src=0x5555557c3315, __dest=<optimized out>) at /usr/include/bits/string3.h:57
No locals.
#2 decode_chunked_page (
raw=raw@entry=0x5555557bcac3 " \n \t \n \n\t<!DOCTYPE html>\n<html lang=\"en\" class=\"no-js\">\n<head>\n<meta charset=\"utf-8\">\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\"/>\n<title>Home | University of California, Berke"...,
dst=dst@entry=0x5555557bcac3 " \n \t \n \n\t<!DOCTYPE html>\n<html lang=\"en\" class=\"no-js\">\n<head>\n<meta charset=\"utf-8\">\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\"/>\n<title>Home | University of California, Berke"...) at check_http.c:725
chunksize = 1143144
raw_pos = 0x5555557c3315 "media-left\">\n", ' ' <repeats 12 times>, "\t<div class=\"date\">\n\t\t\t\t\t\t\t\t\t", ' ' <repeats 16 times>, "\n\t\t\t\t\t<span class=\"month\">JUN</span> <span class=\"day\">21</span>\n", '\t' <repeats 13 times>, "</div>\n\t\t\t</div>\n\t\t\t<div class=\"media-body\">\n\t\t\t\t\t\t\t"...
dst_pos = <optimized out>
#3 0x000055555555994c in check_http () at check_http.c:1237
msg = 0x0
status_line = 0x5555557a3470 "HTTP/1.1 200 OK"
status_code = <optimized out>
header = 0x5555557bc9b1 "Date: Tue, 19 Jun 2018 19:20:41 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nServer: Apache/2.4\r\nX-Powered-By: PHP/5.4.16\r\nVary: Accept-Encoding,User-Age"...
page = 0x5555557bcac3 " \n \t \n \n\t<!DOCTYPE html>\n<html lang=\"en\" class=\"no-js\">\n<head>\n<meta charset=\"utf-8\">\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\"/>\n<title>Home | University of California, Berke"...
auth = 0x0
i = <optimized out>
pagesize = 49725
full_page = <optimized out>
full_page_new = <optimized out>
buf = 0x5555557b4c30 "GET / HTTP/1.1\r\nUser-Agent: check_http/v2.2.1.git (nagios-plugins 2.2.1)\r\nConnection: close\r\nHost: www.berkeley.edu\r\nAccept: */*\r\n\r\n"
pos = <optimized out>
microsec = 171406
elapsed_time = 0.17140599999999998
microsec_connect = <optimized out>
elapsed_time_connect = 0.027892
microsec_ssl = <optimized out>
elapsed_time_ssl = 0.051819999999999998
microsec_firstbyte = <optimized out>
elapsed_time_firstbyte = 0.067794999999999994
microsec_headers = 20
elapsed_time_headers = 1.9999999999999998e-05
microsec_transfer = <optimized out>
elapsed_time_transfer = 0.091553999999999996
page_len = 0
result = 0
force_host_header = <optimized out>
bad_response = 0
save_char = <optimized out>
#4 0x0000555555557738 in main (argc=5, argv=<optimized out>) at check_http.c:183
result = 3
Code:
https://www.berkeley.edu:443/ is 49724 characters
STATUS: HTTP/1.1 200 OK
**** HEADER ****
Date: Tue, 19 Jun 2018 19:20:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: Apache/2.4
X-Powered-By: PHP/5.4.16
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=300
Expires: Tue, 19 Jun 2018 19:25:38 GMT
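
A bounds-checked in-place chunked decoder, as an added example that is not part of the original post and is not check_http's code or its upstream fix; the name decode_chunked_safe and the sample inputs used to exercise it are assumptions. It rejects a size line that does not begin with a hex digit and any chunk size larger than the bytes remaining, which is the condition visible in the backtrace (chunksize = 1143144 handed to memmove on a 49725-character page).

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* Added example, not check_http code: decode a chunked body in place.
 * buf holds len bytes (no NUL needed). Returns the decoded length, or -1
 * when the framing is malformed or a chunk claims more than is present. */
long decode_chunked_safe(char *buf, size_t len)
{
    char *src = buf, *dst = buf, *end = buf + len;

    for (;;) {
        size_t size = 0, left;
        int digits = 0;

        /* Parse the hex size by hand: no whitespace skipping, no sign,
         * no overflow, and never a read past end. */
        while (src < end && isxdigit((unsigned char)*src)) {
            int c = tolower((unsigned char)*src++);
            if (size > (SIZE_MAX >> 4))
                return -1;
            size = (size << 4) | (size_t)(isdigit(c) ? c - '0' : c - 'a' + 10);
            digits++;
        }
        if (digits == 0)
            return -1;              /* e.g. body starts with spaces or HTML */
        while (src < end && *src != '\n')
            src++;                  /* skip chunk extensions and the CR */
        if (src == end)
            return -1;
        src++;                      /* step past LF onto the chunk data */
        if (size == 0)
            return (long)(dst - buf);   /* last chunk; trailers ignored */

        /* Chunk data plus its trailing CRLF must fit in what is left. */
        left = (size_t)(end - src);
        if (left < size || left - size < 2)
            return -1;
        memmove(dst, src, size);
        dst += size;
        src += size;
        if (src[0] != '\r' || src[1] != '\n')
            return -1;
        src += 2;
    }
}
```

A caller that gets -1 should report the response as malformed rather than continue with a partially decoded page.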