Bug 1298766

Summary: check_dhcp segfaults while parsing arguments
Product: [Fedora] Fedora EPEL Reporter: Greg Bowser <topnotcher>
Component: nagios-pluginsAssignee: Stephen John Smoogen <smooge>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: epel7CC: bperkins, kmf, mhayden, ondrejj, smooge, swilkerson
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: nagios-plugins-2.2.1-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-30 03:17:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch that resolves issue none

Description Greg Bowser 2016-01-15 00:39:09 UTC 
Created attachment 1114991 [details]
patch that resolves issue

Description of problem:

While parsing command-line arguments, check_dhcp segfaults due to an out-of-bounds array access. I can reproduce this consistently when running a check from Shinken with the following command line (running the same command directly from the shell does not segfault, but this seems to be dumb luck regarding how the memory is allocated):

/usr/lib64/nagios/plugins/check_dhcp -s 10.14.204.209 -m 00:de:ad:be:ef:00 -r 10.14.204.251 -u -i ens32

Here's the backtrace from a coredump:

#0  0x00007f4e6ed99d42 in _getopt_internal_r (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, optstring=0x7f4e6fb22c75 "hVvt:s:r:t:i:m:u", 
    optstring@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", longopts=longopts@entry=0x7f4e6fd26040 <long_options.21493>, longind=longind@entry=0x7ffffff4fd04, 
    long_only=long_only@entry=0, d=d@entry=0x7f4e6f07d400 <getopt_data>, posixly_correct=posixly_correct@entry=0) at getopt.c:463
#1  0x00007f4e6ed9aeab in _getopt_internal (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, 
    optstring=optstring@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", longopts=longopts@entry=0x7f4e6fd26040 <long_options.21493>, 
    longind=longind@entry=0x7ffffff4fd04, long_only=long_only@entry=0, posixly_correct=posixly_correct@entry=0) at getopt.c:1176
#2  0x00007f4e6ed9af33 in getopt_long (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, options=options@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", 
    long_options=long_options@entry=0x7f4e6fd26040 <long_options.21493>, opt_index=opt_index@entry=0x7ffffff4fd04) at getopt1.c:65
#3  0x00007f4e6fb1c2fb in call_getopt (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0) at check_dhcp.c:1104
#4  0x00007f4e6fb1c510 in process_arguments (argc=10, argv=0x7ffffff4fe78) at check_dhcp.c:1071
#5  0x00007f4e6fb1a3cd in main (argc=10, argv=<optimized out>) at check_dhcp.c:269

The line where the segfault occurs is (glibc/getopt.c:463):

if (d->optind != argc && !strcmp (argv[d->optind], "--"))

When this line segfaults, d->optind = 10, but argc = 1 -- clearly d->optind is out-of-bounds. The cause seems to be check_dhcp.c:process_arguments, which causes getopt_long to be called multiple times with different values of argc and argv:

while((c+=(call_getopt(argc-c,&argv[c])))<argc){

If I replace this loop with a single call to call_getopt (as in the attached patch), it works flawlessly.

Version-Release number of selected component (if applicable):
Name        : nagios-plugins-dhcp
Arch        : x86_64
Version     : 2.0.3
Release     : 3.el7
Size        : 61 k
Repo        : installed
From repo   : epel
Comment 1 Fedora Update System 2017-02-15 14:41:58 UTC 
nagios-plugins-2.1.4-5.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0430ba2927
Comment 2 Fedora Update System 2017-02-16 17:18:39 UTC 
nagios-plugins-2.1.4-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0430ba2927
Comment 3 Fedora Update System 2017-02-16 20:59:12 UTC 
nagios-plugins-2.1.4-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4bf2c82fc6
Comment 4 Fedora Update System 2017-02-16 23:30:45 UTC 
nagios-plugins-2.1.4-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d35ac726be
Comment 5 Fedora Update System 2017-02-17 21:19:00 UTC 
nagios-plugins-2.1.4-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d35ac726be
Comment 6 Fedora Update System 2017-02-25 21:47:07 UTC 
nagios-plugins-2.2.0-3.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cbb077cc9b
Comment 7 Fedora Update System 2017-02-25 22:36:07 UTC 
nagios-plugins-2.2.0-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-579895db6a
Comment 8 Fedora Update System 2017-02-26 22:49:33 UTC 
nagios-plugins-2.2.0-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-579895db6a
Comment 9 Fedora Update System 2017-03-11 01:03:14 UTC 
nagios-plugins-2.2.0-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-212f3ef76e
Comment 10 Fedora Update System 2017-03-11 12:50:27 UTC 
nagios-plugins-2.2.0-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-212f3ef76e
Comment 11 Fedora Update System 2017-03-13 00:38:23 UTC 
nagios-plugins-2.2.0-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-756fbbf351
Comment 12 Fedora Update System 2017-03-14 00:19:15 UTC 
nagios-plugins-2.2.0-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-756fbbf351
Comment 13 Fedora Update System 2017-04-21 00:09:00 UTC 
nagios-plugins-2.2.1-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e452ab1676
Comment 14 Fedora Update System 2017-04-22 21:48:25 UTC 
nagios-plugins-2.2.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e452ab1676
Comment 15 Fedora Update System 2017-06-30 03:17:37 UTC 
nagios-plugins-2.2.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.