Bug 1412016
Summary: | check_http segfaults on a specific (CGI-bin generated) web page | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Jochen Bern <Jochen.Bern> | ||||
Component: | nagios-plugins | Assignee: | Stephen John Smoogen <smooge> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | el6 | CC: | alessandro.crespi, b.heden, mhayden, ondrejj, smooge, smooge, swilkerson | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | nagios-plugins-2.2.1-1.el6 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-06-29 18:17:35 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Jochen Bern
2017-01-11 01:18:35 UTC
I am the new nagios-plugins packager. I am checking with upstream if they are aware of this and if not will file the bug there for you. Thank you for the test case. Issue is reported upstream as https://github.com/nagios-plugins/nagios-plugins/issues/226 Isn't this related to this issue? https://github.com/nagios-plugins/nagios-plugins/issues/172 Since updating nagios-plugins, I have this exact crash, and while observing the network traffic, I can see that the server sends back a malformed HTTP response that uses \n instead of \r\n. (partial) hex-dump captures with tcpdump follows: Request (OK): 00000000 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a GET / HT TP/1.1.. 00000010 55 73 65 72 2d 41 67 65 6e 74 3a 20 63 68 65 63 User-Age nt: chec 00000020 6b 5f 68 74 74 70 2f 76 32 2e 31 2e 34 20 28 6e k_http/v 2.1.4 (n 00000030 61 67 69 6f 73 2d 70 6c 75 67 69 6e 73 20 32 2e agios-pl ugins 2. 00000040 31 2e 34 29 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 1.4)..Co nnection 00000050 3a 20 63 6c 6f 73 65 0d 0a 48 6f 73 74 3a 20 62 : close. .Host: b 00000060 69 6f 72 6f 62 73 72 76 34 2e 65 70 66 6c 2e 63 iorobsrv 4.epfl.c 00000070 68 3a 32 35 37 35 0d 0a 41 63 63 65 70 74 3a 20 h:2575.. Accept: 00000080 2a 2f 2a 0d 0a 0d 0a */*.... Response (bad line endings): 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0a HTTP/1.1 200 OK. 00000010 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 Content- Type: te 00000020 78 74 2f 68 74 6d 6c 0a 43 6f 6e 74 65 6e 74 2d xt/html. Content- 00000030 4c 65 6e 67 74 68 3a 20 20 31 30 32 39 0a 0a 3c Length: 1029..< 00000040 68 74 6d 6c 3e 3c 68 65 61 64 65 72 3e 0a 3c 74 html><he ader>.<t ... (In reply to Alessandro Crespi from comment #3) > Isn't this related to this issue? > https://github.com/nagios-plugins/nagios-plugins/issues/172 It seems to be; taking the (original) CGI-bin and replacing all \n in potential output by \r\n makes check_http produce the expected results again, thanks. (I wasn't aware that the CGI-bin is supposed to produce "network format" output, rather than the server OS's standard text format ... or is that an oddity with thttpd?) (In reply to Jochen Bern from comment #4) > (I wasn't aware that the CGI-bin is supposed to produce "network format" > output, rather than the server OS's standard text format ... or is that an > oddity with thttpd?) It is possibly some oddity of thttpd, the CGI spec (RFC 3875) mandates a "NL" terminator, saying that NL is a "newline" and notes "that newline (NL) need not be a single control character, but can be a sequence of control characters.". So it's potentially system and/or server dependent. As far as I can remember I never outputed any \r\n when writing CGIs, the server (usually Apache) did the job (but of course I had to use \r\n when I was directly serving content to a network socket). (In reply to Alessandro Crespi from comment #5) > It is possibly some oddity of thttpd, [...] As far as > I can remember I never outputed any \r\n when writing CGIs, the server > (usually Apache) did the job [...]. I meanwhile checked on our newer platforms, where much the same CGI-bin is served by lighttpd on CentOS 7. tcpdump showed \n instead of \r\n there as well, so I applies the same changes. Might be that just Apache is particularly careful with line separators ... (In reply to Jochen Bern from comment #6) > Might be that just Apache is particularly careful with line separators ... Looks like it is: just tested on our Apache 2.4 server and it definitely translates "\n" to "\r\n" in the headers. It is actually parsing each of them: while testing, I first forgot the empty line between the headers and the "Hello world" text, and I got a 500 error, with logs saying that "Hello world" is not a valid header... nagios-plugins-2.1.4-5.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4e77054bfa nagios-plugins-2.1.4-5.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4e77054bfa nagios-plugins-2.1.4-6.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b820953367 nagios-plugins-2.1.4-7.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-994c77a4cd nagios-plugins-2.1.4-7.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-994c77a4cd nagios-plugins-2.2.0-3.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5d813cd00d nagios-plugins-2.2.0-4.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b0accaba31 nagios-plugins-2.2.0-4.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b0accaba31 nagios-plugins-2.2.0-6.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4a502a08b4 nagios-plugins-2.2.0-6.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4a502a08b4 nagios-plugins-2.2.0-7.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1623674064 nagios-plugins-2.2.0-7.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1623674064 nagios-plugins-2.2.1-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-306cbf64b0 nagios-plugins-2.2.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |