From 6fb8e25e42d46a9521b3e680b55e5acd7c383060 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 13 Mar 2023 08:28:36 +0000 Subject: [PATCH 1/5] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream --- .../14_check_curl_fix_SSL_with_multiple_IPs | 211 ++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 212 insertions(+) create mode 100644 debian/patches/14_check_curl_fix_SSL_with_multiple_IPs diff --git a/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs new file mode 100644 index 0000000..7d1418a --- /dev/null +++ b/debian/patches/14_check_curl_fix_SSL_with_multiple_IPs @@ -0,0 +1,211 @@ +From 03f86b5d0809967855fbaafb4d600dc5b82081fa Mon Sep 17 00:00:00 2001 +From: Andreas Baumann +Date: Tue, 7 Mar 2023 19:51:33 +0100 +Subject: [PATCH 1/4] check_curl: in SSL host caching mode try to connect and + bind and take the first getaddrinfo result which succeeds + +--- + plugins/check_curl.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/plugins/check_curl.c b/plugins/check_curl.c +index c37d45d91..e1bc98dc9 100644 +--- a/plugins/check_curl.c ++++ b/plugins/check_curl.c +@@ -386,6 +386,7 @@ lookup_host (const char *host, char *buf, size_t buflen) + struct addrinfo hints, *res, *result; + int errcode; + void *ptr; ++ int s; + + memset (&hints, 0, sizeof (hints)); + hints.ai_family = address_family; +@@ -399,19 +400,26 @@ lookup_host (const char *host, char *buf, size_t buflen) + res = result; + + while (res) { +- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); +- switch (res->ai_family) { +- case AF_INET: +- ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; ++ inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); ++ switch (res->ai_family) { ++ case AF_INET: ++ ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; ++ break; ++ case AF_INET6: ++ ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; + break; +- case AF_INET6: +- ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; +- break; + } ++ + inet_ntop (res->ai_family, ptr, buf, buflen); + if (verbose >= 1) + printf ("* getaddrinfo IPv%d address: %s\n", + res->ai_family == PF_INET6 ? 6 : 4, buf); ++ ++ if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1) ++ continue; ++ if (bind (s, res->ai_addr, res->ai_addrlen == 0) ) ++ break; ++ + res = res->ai_next; + } + + +From 2902381c5de01f69d61569b0c8dae6a92e2b9843 Mon Sep 17 00:00:00 2001 +From: Barak Shohat +Date: Wed, 8 Mar 2023 11:56:43 +0200 +Subject: [PATCH 2/4] check_curl.c: Include all IPs from getaddrinfo() in curl + DNS cache + +--- + plugins/check_curl.c | 39 ++++++++++++++++++++++++++------------- + 1 file changed, 26 insertions(+), 13 deletions(-) + +diff --git a/plugins/check_curl.c b/plugins/check_curl.c +index e1bc98dc9..512fb88a6 100644 +--- a/plugins/check_curl.c ++++ b/plugins/check_curl.c +@@ -384,9 +384,12 @@ int + lookup_host (const char *host, char *buf, size_t buflen) + { + struct addrinfo hints, *res, *result; ++ char addrstr[100]; ++ size_t addrstr_len; + int errcode; + void *ptr; + int s; ++ size_t buflen_remaining = buflen - 1; + + memset (&hints, 0, sizeof (hints)); + hints.ai_family = address_family; +@@ -396,33 +399,40 @@ lookup_host (const char *host, char *buf, size_t buflen) + errcode = getaddrinfo (host, NULL, &hints, &result); + if (errcode != 0) + return errcode; +- ++ ++ strcpy(buf, ""); + res = result; + + while (res) { +- inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); + switch (res->ai_family) { + case AF_INET: + ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; + break; + case AF_INET6: + ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; +- break; ++ break; + } + +- inet_ntop (res->ai_family, ptr, buf, buflen); +- if (verbose >= 1) ++ inet_ntop (res->ai_family, ptr, addrstr, 100); ++ if (verbose >= 1) { + printf ("* getaddrinfo IPv%d address: %s\n", +- res->ai_family == PF_INET6 ? 6 : 4, buf); ++ res->ai_family == PF_INET6 ? 6 : 4, addrstr); ++ } + +- if (s = socket (res->ai_family, res->ai_socktype, res->ai_protocol) == -1) +- continue; +- if (bind (s, res->ai_addr, res->ai_addrlen == 0) ) +- break; ++ // Append all IPs to buf as a comma-separated string ++ addrstr_len = strlen(addrstr); ++ if (buflen_remaining > addrstr_len + 1) { ++ if (buf[0] != NULL) { ++ strncat(buf, ",", 1); ++ buflen_remaining -= 1; ++ } ++ strncat(buf, addrstr, buflen_remaining); ++ buflen_remaining -= addrstr_len; ++ } + + res = res->ai_next; + } +- ++ + freeaddrinfo(result); + + return 0; +@@ -453,7 +463,7 @@ check_http (void) + int i; + char *force_host_header = NULL; + struct curl_slist *host = NULL; +- char addrstr[100]; ++ char addrstr[DEFAULT_BUFFER_SIZE/2]; + char dnscache[DEFAULT_BUFFER_SIZE]; + + /* initialize curl */ +@@ -505,7 +515,7 @@ check_http (void) + + // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy + if(use_ssl && host_name != NULL) { +- if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { ++ if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), + server_address, res, gai_strerror (res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); +@@ -800,6 +810,9 @@ check_http (void) + /* free header and server IP resolve lists, we don't need it anymore */ + curl_slist_free_all (header_list); header_list = NULL; + curl_slist_free_all (server_ips); server_ips = NULL; ++ if (host) { ++ curl_slist_free_all (host); host = NULL; ++ } + + /* Curl errors, result in critical Nagios state */ + if (res != CURLE_OK) { + +From fc927e98db73850e760f490117ed36f2de20270c Mon Sep 17 00:00:00 2001 +From: Andreas Baumann +Date: Wed, 8 Mar 2023 16:10:45 +0100 +Subject: [PATCH 3/4] fixed a wrong compare and a wrong size in strncat + +--- + plugins/check_curl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/plugins/check_curl.c b/plugins/check_curl.c +index 512fb88a6..cc17ef58a 100644 +--- a/plugins/check_curl.c ++++ b/plugins/check_curl.c +@@ -422,8 +422,8 @@ lookup_host (const char *host, char *buf, size_t buflen) + // Append all IPs to buf as a comma-separated string + addrstr_len = strlen(addrstr); + if (buflen_remaining > addrstr_len + 1) { +- if (buf[0] != NULL) { +- strncat(buf, ",", 1); ++ if (buf[0] != '\0') { ++ strncat(buf, ",", buflen_remaining); + buflen_remaining -= 1; + } + strncat(buf, addrstr, buflen_remaining); + +From ea53555f2d6254da5fec0c1061899a01dd5321ec Mon Sep 17 00:00:00 2001 +From: Andreas Baumann +Date: Sat, 11 Mar 2023 11:40:00 +0100 +Subject: [PATCH 4/4] check_curl: removed a superflous variable + +--- + plugins/check_curl.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/plugins/check_curl.c b/plugins/check_curl.c +index cc17ef58a..e5be1ad56 100644 +--- a/plugins/check_curl.c ++++ b/plugins/check_curl.c +@@ -388,7 +388,6 @@ lookup_host (const char *host, char *buf, size_t buflen) + size_t addrstr_len; + int errcode; + void *ptr; +- int s; + size_t buflen_remaining = buflen - 1; + + memset (&hints, 0, sizeof (hints)); diff --git a/debian/patches/series b/debian/patches/series index b983742..7a2debc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,3 +5,4 @@ 11_fallback_for_gnutls 12_check_curl_improvements 13_check_icmp_improvements +14_check_curl_fix_SSL_with_multiple_IPs From eab1e1d487c6e8c4968985aa8cdee0ec685e6d6f Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 16 Mar 2023 22:11:03 +0000 Subject: [PATCH 2/5] Adding d/p/15_check_swap_remove_includes from upstream --- debian/patches/15_check_swap_remove_includes | 23 ++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 24 insertions(+) create mode 100644 debian/patches/15_check_swap_remove_includes diff --git a/debian/patches/15_check_swap_remove_includes b/debian/patches/15_check_swap_remove_includes new file mode 100644 index 0000000..fb65026 --- /dev/null +++ b/debian/patches/15_check_swap_remove_includes @@ -0,0 +1,23 @@ +From 8a8ee58e8925019b7532e7d14ebe488bb21fb3e6 Mon Sep 17 00:00:00 2001 +From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com> +Date: Thu, 16 Mar 2023 15:26:52 +0100 +Subject: [PATCH] check_swap: Remove unnecessary and problematic includes + +--- + plugins/check_swap.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/plugins/check_swap.c b/plugins/check_swap.c +index a607da1e9..25d5f21d0 100644 +--- a/plugins/check_swap.c ++++ b/plugins/check_swap.c +@@ -34,9 +34,6 @@ const char *email = "devel@monitoring-plugins.org"; + #include "common.h" + #include "popen.h" + #include "utils.h" +-#include +-#include +-#include + + #ifdef HAVE_DECL_SWAPCTL + # ifdef HAVE_SYS_PARAM_H diff --git a/debian/patches/series b/debian/patches/series index 7a2debc..3e14114 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,3 +6,4 @@ 12_check_curl_improvements 13_check_icmp_improvements 14_check_curl_fix_SSL_with_multiple_IPs +15_check_swap_remove_includes From 3ede3478c55963e8a03433856ddf0b4476be1ee7 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 30 Mar 2023 08:28:05 +0000 Subject: [PATCH 3/5] Adding d/p/16_check_snmp_disable_multiplier_when_unused from upstream --- ..._check_snmp_disable_multiplier_when_unused | 90 +++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 91 insertions(+) create mode 100644 debian/patches/16_check_snmp_disable_multiplier_when_unused diff --git a/debian/patches/16_check_snmp_disable_multiplier_when_unused b/debian/patches/16_check_snmp_disable_multiplier_when_unused new file mode 100644 index 0000000..9863c92 --- /dev/null +++ b/debian/patches/16_check_snmp_disable_multiplier_when_unused @@ -0,0 +1,90 @@ +From c874f950e8e5b6a805d8adf759d521501b22c7ce Mon Sep 17 00:00:00 2001 +From: Sven Nierlein +Date: Wed, 15 Mar 2023 09:51:18 +0100 +Subject: [PATCH 1/2] check_snmp: disable multiplier when unused + + - if no multiplier is set, simply return the given string. Otherwise we would strip off the unit. + - if used, allocate new space to hold the result which might be larger than the initial input + +Signed-off-by: Sven Nierlein +--- + plugins/check_snmp.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c +index d3968a27d..c4ddd0edd 100644 +--- a/plugins/check_snmp.c ++++ b/plugins/check_snmp.c +@@ -46,6 +46,7 @@ const char *email = "devel@monitoring-plugins.org"; + #define DEFAULT_PRIV_PROTOCOL "DES" + #define DEFAULT_DELIMITER "=" + #define DEFAULT_OUTPUT_DELIMITER " " ++#define DEFAULT_BUFFER_SIZE 100 + + #define mark(a) ((a)!=0?"*":"") + +@@ -157,6 +158,7 @@ int perf_labels = 1; + char* ip_version = ""; + double multiplier = 1.0; + char *fmtstr = ""; ++char buffer[DEFAULT_BUFFER_SIZE]; + + static char *fix_snmp_range(char *th) + { +@@ -1169,6 +1171,9 @@ multiply (char *str) + double val; + char *conv = "%f"; + ++ if(multiplier == 1) ++ return(str); ++ + if(verbose>2) + printf(" multiply input: %s\n", str); + +@@ -1187,15 +1192,15 @@ multiply (char *str) + conv = fmtstr; + } + if (val == (int)val) { +- sprintf(str, "%.0f", val); ++ snprintf(buffer, DEFAULT_BUFFER_SIZE, "%.0f", val); + } else { + if(verbose>2) + printf(" multiply using format: %s\n", conv); +- sprintf(str, conv, val); ++ snprintf(buffer, DEFAULT_BUFFER_SIZE, conv, val); + } + if(verbose>2) +- printf(" multiply result: %s\n", str); +- return str; ++ printf(" multiply result: %s\n", buffer); ++ return buffer; + } + + + +From 6e64973a4486248ff6c3de7d72637e44b6474c3e Mon Sep 17 00:00:00 2001 +From: Sven Nierlein +Date: Mon, 27 Mar 2023 12:59:53 +0200 +Subject: [PATCH 2/2] simplify code + +if statement is always true at this point, so remove it. +--- + plugins/check_snmp.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c +index c4ddd0edd..aefda3d29 100644 +--- a/plugins/check_snmp.c ++++ b/plugins/check_snmp.c +@@ -1179,10 +1179,7 @@ multiply (char *str) + + val = strtod (str, &endptr); + if ((val == 0.0) && (endptr == str)) { +- if(multiplier != 1) { +- die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str); +- } +- return str; ++ die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str); + } + + if(verbose>2) diff --git a/debian/patches/series b/debian/patches/series index 3e14114..ae89285 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,4 @@ 13_check_icmp_improvements 14_check_curl_fix_SSL_with_multiple_IPs 15_check_swap_remove_includes +16_check_snmp_disable_multiplier_when_unused From e11debafd4c8b11158e52b1b876d8304912035a0 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 30 Mar 2023 08:52:13 +0000 Subject: [PATCH 4/5] Prepare release --- debian/changelog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index e39806a..d938ad6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,10 @@ -monitoring-plugins (2.3.3-5) UNRELEASED; urgency=medium +monitoring-plugins (2.3.3-5) unstable; urgency=medium - * + * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream + * [eab1e1d] Adding d/p/15_check_swap_remove_includes from upstream + * [3ede347] Adding d/p/16_check_snmp_disable_multiplier_when_unused from upstream - -- Jan Wagner Tue, 07 Mar 2023 14:17:14 +0000 + -- Jan Wagner Thu, 30 Mar 2023 08:51:53 +0000 monitoring-plugins (2.3.3-4) unstable; urgency=medium From deeee8535014bf1b7484b18597b822512ee416b8 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Thu, 30 Mar 2023 09:33:54 +0000 Subject: [PATCH 5/5] New changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index d938ad6..23f07aa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +monitoring-plugins (2.3.3-6) UNRELEASED; urgency=medium + + * + + -- Jan Wagner Thu, 30 Mar 2023 09:33:25 +0000 + monitoring-plugins (2.3.3-5) unstable; urgency=medium * [6fb8e25] Adding d/p/14_check_curl_fix_SSL_with_multiple_IPs from upstream