[Pkg-nagios-devel] Bug#460097: nagios-plugins-basic: check_http --max-age broken; possible buffer overflow.

Hilko Bengen bengen at debian.org
Thu Jan 10 14:58:04 UTC 2008


Package: nagios-plugins-basic
Version: 1.4.8-2.2
Severity: important
Tags: patch

I wanted to use check_http to ensure that a local Debian mirror is
up-to-date by checking the age of the release file:

$ /usr/lib/nagios/plugins/check_http --max-age=1d --url=http://ftp.de.debian.org/debian/dists/sid/Release ftp.de.debian.org ; echo
CRITICAL - Server date "                                                                       Thu, 10 Jan 2008 08:13:16 UTC" unparsable
$ 

The Date "header" that check_http fails to parse here, however, comes
from the _contents_ of the Release file itself: the
check_document_dates function steps over the end-of-string '\0' that
terminates the headers, so everything the server sends us is
interpreted as headers.

The simple patch below fixes this.

Cheers,
-Hilko

#! /bin/sh /usr/share/dpatch/dpatch-run
## 28_check_http_date.dpatch by Hilko Bengen <bengen at debian.org>
##
## DP: Prevents check_http from trying to extract Date or
## DP: Last-Modified header from file content.

@DPATCH@
diff -urNad nagios-plugins-1.4.10/plugins/check_http.c nagios-plugins-1.4.10/plugins/check_http.c
--- nagios-plugins-1.4.10/plugins/check_http.c	2008-01-10 14:46:47.000000000 +0100
+++ nagios-plugins-1.4.10/plugins/check_http.c	2008-01-10 14:50:07.000000000 +0100
@@ -632,7 +632,10 @@
     /* Skip to the end of the header, including continuation lines. */
     while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
       s++;
-    s++;
+
+    /* Avoid stepping over end-of-string marker */
+    if (*s)
+      s++;
 
     /* Process this header. */
     if (value && value > field+2) {
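Review bot: The conditional advance is the right fix for the case the report describes, but it relies on the enclosing loop testing *s before it starts the next header, which is outside the hunk and should be confirmed: when the inner while stops on the '\0' that terminates the header block, s now stays on that byte instead of being moved one past it, so the walk can only end there if the outer loop checks for end of string (otherwise it would spin on the same empty header). When the inner while stops on a '\n' whose next byte is not a space or tab, the newline is consumed exactly as before, so header and continuation-line handling is unchanged. Note also that, as far as these lines show, what the subject calls a "possible buffer overflow" is an out-of-bounds read (s is only ever dereferenced), not a write; the report's output, with the Release file's own Date: line parsed as a header, is consistent with that. Finally, the file header names nagios-plugins-1.4.10 while the report is filed against 1.4.8-2.2, so check that the hunk applies at the same spot in the packaged source.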


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.23-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nagios-plugins-basic depends on:
ii  iputils-ping                3:20071127-1 Tools to test the reachability of 
ii  libc6                       2.7-5        GNU C Library: Shared libraries
ii  libssl0.9.8                 0.9.8g-3     SSL shared libraries
ii  procps                      1:3.2.7-5    /proc file system utilities
ii  ucf                         3.004        Update Configuration File: preserv

nagios-plugins-basic recommends no packages.

-- no debconf information
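
The behaviour described in the report, as an added example that is not code from the bug report or from nagios-plugins: a header walker in the shape of the loop in the hunk, run once with the unconditional s++ and once with the patched conditional one over a constructed response. The function and sample names (find_last_date_header, header_name_is, sample_response) are mine, the field and value parsing around the skip-to-end loop is my own reconstruction rather than check_http's, and the layout of sample_response, with the header block NUL-terminated where the blank line was and the document body sitting right behind that terminator in the same buffer, is an assumption about how check_http stores the response, made here so that the over-read has something defined to land on.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed sample (not a real capture).  Assumed layout: check_http
 * NUL-terminates the header block where the blank line separating
 * headers from body was, and the body follows in the same buffer.  The
 * last header therefore has no trailing newline, and one byte past the
 * terminator is the rest of the blank line, then the Release file text.
 */
static const char sample_response[] =
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Date: Thu, 10 Jan 2008 14:00:00 GMT\r\n"
    "Content-Type: text/plain"
    "\0"                                  /* header block ends here */
    "\n\r\n"
    "Origin: Debian\n"
    "Suite: unstable\n"
    "Date: Thu, 10 Jan 2008 08:13:16 UTC\n";

/* Case-insensitive test of the header name at 'field' (up to the ':'). */
static int header_name_is(const char *field, const char *name)
{
    size_t i;
    for (i = 0; name[i] != '\0'; i++)
        if (tolower((unsigned char)field[i]) != (unsigned char)name[i])
            return 0;
    return field[i] == ':';
}

/*
 * Walk a NUL-terminated header block and return the value of the last
 * "Date:" header seen, or NULL.  The walk has the shape of the loop in
 * the patch: find the field name, find the value after ':', skip to the
 * end of the header including continuation lines, then step over the
 * newline.  With 'unpatched' set, that step is unconditional, so when
 * the inner loop stopped on the terminating '\0' the cursor moves past
 * it and the walk carries on into whatever memory follows.
 */
static const char *find_last_date_header(const char *s, int unpatched)
{
    const char *found = NULL;

    while (*s) {
        const char *field = s;
        const char *value = NULL;

        /* Field name runs up to ':' or whitespace (my reconstruction). */
        while (*s && !isspace((unsigned char)*s) && *s != ':')
            s++;
        if (*s == ':') {
            s++;
            while (*s && isspace((unsigned char)*s))
                s++;
            value = s;
        }

        /* Skip to the end of the header, including continuation lines. */
        while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
            s++;
        if (unpatched)
            s++;            /* steps over a '\0' as readily as a '\n' */
        else if (*s)
            s++;            /* patched: only ever consumes the '\n' */

        /* A later Date line replaces an earlier one (assumed; matches
           the report, where the body's date is the one printed). */
        if (value && header_name_is(field, "date"))
            found = value;
    }
    return found;
}

/* Results for the constructed sample, one per variant of the walk. */
const char *date_seen_unpatched(void)
{
    return find_last_date_header(sample_response, 1);
}

const char *date_seen_patched(void)
{
    return find_last_date_header(sample_response, 0);
}

/* Print the value up to end of line, or "(none)". */
static void print_date(const char *label, const char *d)
{
    size_t n = d ? strcspn(d, "\r\n") : 0;
    printf("%s: %s%.*s\n", label, d ? "" : "(none)", (int)n, d ? d : "");
}

int main(void)
{
    print_date("unpatched", date_seen_unpatched());
    print_date("patched  ", date_seen_patched());
    return 0;
}
```

With the unconditional step the walk ends up reporting the Date: line from the Release file body, which is the value the CRITICAL message in the report quotes; with the conditional step it stops on the terminator and keeps the server's own Date header. Every byte the unpatched walk touches here is inside sample_response, so the demonstration is well defined; in the real program the same walk reads whatever happens to follow the header buffer.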
