Created attachment 1114991 [details] patch that resolves issue Description of problem: While parsing command-line arguments, check_dhcp segfaults due to an out-of-bounds array access. I can reproduce this consistently when running a check from Shinken with the following command line (running the same command directly from the shell does not segfault, but this seems to be dumb luck regarding how the memory is allocated): /usr/lib64/nagios/plugins/check_dhcp -s 10.14.204.209 -m 00:de:ad:be:ef:00 -r 10.14.204.251 -u -i ens32 Here's the backtrace from a coredump: #0 0x00007f4e6ed99d42 in _getopt_internal_r (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, optstring=0x7f4e6fb22c75 "hVvt:s:r:t:i:m:u", optstring@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", longopts=longopts@entry=0x7f4e6fd26040 <long_options.21493>, longind=longind@entry=0x7ffffff4fd04, long_only=long_only@entry=0, d=d@entry=0x7f4e6f07d400 <getopt_data>, posixly_correct=posixly_correct@entry=0) at getopt.c:463 #1 0x00007f4e6ed9aeab in _getopt_internal (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, optstring=optstring@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", longopts=longopts@entry=0x7f4e6fd26040 <long_options.21493>, longind=longind@entry=0x7ffffff4fd04, long_only=long_only@entry=0, posixly_correct=posixly_correct@entry=0) at getopt.c:1176 #2 0x00007f4e6ed9af33 in getopt_long (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0, options=options@entry=0x7f4e6fb22c74 "+hVvt:s:r:t:i:m:u", long_options=long_options@entry=0x7f4e6fd26040 <long_options.21493>, opt_index=opt_index@entry=0x7ffffff4fd04) at getopt1.c:65 #3 0x00007f4e6fb1c2fb in call_getopt (argc=argc@entry=1, argv=argv@entry=0x7ffffff4fec0) at check_dhcp.c:1104 #4 0x00007f4e6fb1c510 in process_arguments (argc=10, argv=0x7ffffff4fe78) at check_dhcp.c:1071 #5 0x00007f4e6fb1a3cd in main (argc=10, argv=<optimized out>) at check_dhcp.c:269 The line where the segfault occurs is (glibc/getopt.c:463): if (d->optind != argc && !strcmp (argv[d->optind], "--")) When this line segfaults, d->optind = 10, but argc = 1 -- clearly d->optind is out-of-bounds. The cause seems to be check_dhcp.c:process_arguments, which causes getopt_long to be called multiple times with different values of argc and argv: while((c+=(call_getopt(argc-c,&argv[c])))<argc){ If I replace this loop with a single call to call_getopt (as in the attached patch), it works flawlessly. Version-Release number of selected component (if applicable): Name : nagios-plugins-dhcp Arch : x86_64 Version : 2.0.3 Release : 3.el7 Size : 61 k Repo : installed From repo : epel
nagios-plugins-2.1.4-5.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0430ba2927
nagios-plugins-2.1.4-5.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0430ba2927
nagios-plugins-2.1.4-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4bf2c82fc6
nagios-plugins-2.1.4-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d35ac726be
nagios-plugins-2.1.4-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d35ac726be
nagios-plugins-2.2.0-3.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cbb077cc9b
nagios-plugins-2.2.0-4.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-579895db6a
nagios-plugins-2.2.0-4.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-579895db6a
nagios-plugins-2.2.0-6.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-212f3ef76e
nagios-plugins-2.2.0-6.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-212f3ef76e
nagios-plugins-2.2.0-7.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-756fbbf351
nagios-plugins-2.2.0-7.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-756fbbf351
nagios-plugins-2.2.1-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e452ab1676
nagios-plugins-2.2.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e452ab1676
nagios-plugins-2.2.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.